ISO 9001 Internal Audit Checklist for Quality Management Systems

There are four main objectives of an ISO 9001 audit:

• To verify opportunities to improve the QMS,
• To verify conformance to applicable standards,
• To verify conformance to documented processes and procedures,
• To verify effectiveness of business processes.

This checklist is not intended to be a script that the auditor follows verbatim. Rather, it should be used as a tool to ensure that the basic requirements have been addressed and that adequate evidence has been recorded.

“The most effective audits are those during which auditors simply talk with the auditees to learn everything they can about the process being audited.” – Ann W. Phillips, from ISO 9001:2015 Internal Audits Made Easy

This checklist is designed as a supplement, and is not intended to replace ISO 9001.

For best results, users are encouraged to edit the checklist and modify the contents to best suit their use cases, as it cannot provide specific guidance on the particular risks and controls applicable to every situation.

Typically, management system auditors will prepare custom checklists that reflect the specific scope, scale, and objectives of the quality management system being audited.

Before beginning preparations for the audit, enter some basic details using the form fields below.

Audit programme manager information

Auditee information

If this process involves multiple people, you can use the members form field to allow the person running this checklist to select and assign additional individuals.

For example, if management is running this checklist, they may wish to assign the lead internal auditor after completing the basic audit details.

In order to understand the context of the audit, the audit programme manager should take into account the auditee’s:

Record the context of the audit in the form field below.

The audit programme manager needs to establish objectives of the QMS audit.

Individual audit objectives need to be consistent with the context of the auditee, including the following factors:

Audit scope should be consistent with the context of the auditee.

Consider the following factors, and define the audit scope in the form field below:

For individual audits, criteria should be defined to be used as a reference against which conformity will be determined.

Individual audit criteria might include:

Record individual audit criteria in the form field below:

Audit programme managers should also make sure that tools and systems are in place to ensure adequate monitoring of the audit and all relevant activities.

Relevant activities to be monitored might include any of the following:

Request all existing relevant QMS documentation from the auditee. You can use the form field below to quickly and easily request this information

Audit programme managers should assign audit team members.

When deciding on your audit team, consider the following:

Use the members fields below to assign audit team members.

Should you require fewer or more audit team members, edit this template to your requirements.

Audit programme managers should be responsible for assigning the audit team leader.

This should be done well ahead of the scheduled date of the audit, to be sure that planning can take place in a timely manner.

A dynamic due date has been set for this task, for one month before the scheduled start date of the audit.

Use the form fields below to record the details of the lead auditor.

The lead auditor should obtain and review all documentation of the auditee’s management system.

This will help to prepare for individual audit activities, and will serve as a high-level overview from which the lead auditor will be able to better identify and understand areas of concern or nonconformity.

Documented information is an umbrella term that could refer to:

• Processes (either recorded on paper or with software)
• Management system documents and records
• Previous audit reports

The above list is by no means exhaustive. The lead auditor should also take into account individual audit scope, objectives, and criteria.

Reference material, such as individual ISO standards, will be useful at this point.

Using the form-fields below, record any issues of nonconformities observed.

Using the form field below, describe the issue(s) with documented information so far, and the steps taken to resolve the issue(s). 

The lead auditor should prepare an audit plan for the individual audit.

This plan should involve the following components and considerations:

The lead auditor should assign work to the audit team.

Work to be assigned should be outlined in the audit plan.

You can use Process Street’s task assignment feature to assign specific tasks in this checklist to individual members of your audit team.

The lead auditor should make contact with the auditee and ensure the following:

Any scheduling of audit activities should be made well in advance.

For example, the dates of the opening and closing meetings should be provisionally declared for planning purposes.

An opening meeting between the auditee and all relevant parties should be held.

It’s advised that the opening meeting should be led by the lead auditor.

The scheduling for this meeting should have already been determined earlier in the checklist.

During the opening meeting, confirm the following with all relevant parties:

Typically, such an opening meeting will involve the auditee’s management, as well as crucial actors or specialists in relation to processes and procedures to be audited.

This meeting is a great opportunity to ask any questions about the audit process and generally clear the air of uncertainties or reservations.

Depending on the size and scope of the audit (and as such the organization being audited) the opening meeting might be as simple as announcing that the audit is starting, with a simple explanation of the nature of the audit.

Familiarity of the auditee with the audit process is also an important factor in determining how extensive the opening meeting should be.

During the opening meeting, the following items should be clearly communicated:

Where, when, and how information is accessible is a crucial factor during the audit.

It’s important to make clear where all relevant interested parties can find important audit information.

Make sure important information is readily accessible by recording the location in the form fields of this task.

You may want to consider uploading important information to a secure central repository (URL) that can be easily shared to relevant interested parties.

Audits can store important information both physically and/or virtually.

Understanding the context of the organization is necessary when developing a quality management system in order to identify, analyze, and understand the business environment in which the organization conducts its business and realizes its product.

Record information pertaining to the organization and its context in the form fields below.

Provide a record of evidence gathered relating to the needs and expectations of interested parties in the form fields below.

The scope of the QMS is basically a description of the processes, procedures, services, and products that the QMS applies to.

Provide a record of evidence gathered relating to the QMS scope in the form fields below.

Provide a record of evidence gathered relating to the QMS leadership in the form fields below.

Provide a record of evidence gathered relating to the QMS customer focus in the form fields below.

Provide a record of evidence gathered relating to the QMS quality policy in the form fields below.

Provide a record of evidence gathered relating to the organizational roles, responsibilities, and authorities of the QMS in the form fields below.

Provide a record of evidence gathered relating to the documentation of risks and opportunities in the QMS using the form fields below.

Provide a record of evidence gathered relating to the QMS quality objectives in the form fields below.

Provide a record of evidence gathered relating to the QMS procedures for implementing changes in the form fields below.

Provide a record of evidence gathered relating to the QMS organization and allocation of resources in the form fields below.

Provide a record of evidence gathered relating to the integration of HR within the QMS using the form fields below.

Provide a record of evidence gathered relating to the QMS infrastructure in the form fields below.

Provide a record of evidence gathered relating to the QMS work environment in the form fields below.

Provide a record of evidence gathered relating to the QMS systems for monitoring and measuring resources using the form fields below.

Provide a record of evidence gathered relating to the QMS organizational knowledge in the form fields below.

Provide a record of evidence gathered relating to the QMS competence in the form fields below.

Provide a record of evidence gathered relating to the QMS awareness in the form fields below.

Provide a record of evidence gathered relating to the communication of the QMS within the organization using the form fields below.

Provide a record of evidence gathered relating to the documented information of the QMS in the form fields below.

Provide a record of evidence gathered relating to the QMS process control in the form fields below.

Provide a record of evidence gathered relating to the determination of specific requirements for products and services within the QMS in the form fields below.

Provide a record of evidence gathered relating to the development and design of products and services within the QMS in the form fields below.

Provide a record of evidence gathered relating to the design and development inputs of the QMS in the form fields below.

Provide a record of evidence gathered relating to the design and development controls of the QMS in the form fields below.

Provide a record of evidence gathered relating to the design and development outputs of the QMS in the form fields below.

Provide a record of evidence gathered relating to the design and development changes of the QMS in the form fields below.

Provide a record of evidence gathered relating to externally provided products and services within the QMS using the form fields below.

Provide a record of evidence gathered relating to type and extent of control in the QMS using the form fields below.

Provide a record of evidence gathered relating to the information for external providers of the QMS using the form fields below.

Provide a record of evidence gathered relating to the control of production and services provision of the QMS using the form fields below.

Provide a record of evidence gathered relating to the identification and traceability of production control of the QMS using the form fields below.

Provide a record of evidence gathered relating to the control of external provider (or customer) property in the QMS using the form fields below.

Provide a record of evidence gathered relating to the preservation procedures documented and implemented by the QMS using the form fields below.

Provide a record of evidence gathered relating to the post-delivery activities documented and implemented by the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of control of changes in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of release of products and services in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of control of nonconforming outputs in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of performance evaluation in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of customer satisfaction in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of performance analysis and evaluation procedures in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of internal audit procedures in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of management review procedures in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of procedures for nonconformity and corrective action in the QMS using the form fields below.

Provide a record of evidence gathered relating to the documentation and implementation of procedures for continuous improvement in the QMS using the form fields below.

So far, you’ll have made records of the auditee’s documentation and implementation of QMS policies and procedures using the form fields in the completed tasks so far (audit evidence).

You should also have made notes on both conformities and nonconformities alongside relevant suggestions for corrective action or opportunities for improvement (audit findings).

Below is an overview of the audit so far.

---

Context of the organization

---

Organization and its context

Internal issues: {{form.Internal_issues_information}}

External issues: {{form.External_issues_information}}

Relevant interested parties: {{form.Relevant_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_organization_and_its_context?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_its_context}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_its_context_2}}

Suggestions: {{form.Suggestions_for_organization_and_its_context}}

Needs and expectations of interested parties

Information: {{form.Needs_and_expectations_of_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_needs_and_expectations_of_interested_parties?}}

Recorded conformities: {{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}

Recorded nonconformities: {{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties_2}}

Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}

QMS scope

Information: {{form.QMS_scope_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_scope?}}

Recorded conformities: {{form.Record_conformities_for_QMS_scope}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_scope_2}}

Suggestions: {{form.Suggestions_for_QMS_scope}}

---

Leadership

---

QMS leadership

Information: {{form.QMS_leadership_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_leadership?}}

Recorded conformities: {{form.Record_conformities_for_QMS_leadership}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_leadership_2}}

Suggestions: {{form.Suggestions_for_QMS_leadership}}

Customer focus

Information: {{form.QMS_customer_focus_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_customer_focus?}}

Recorded conformities: {{form.Record_conformities_for_QMS_customer_focus}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_customer_focus_2}}

Suggestions: {{form.Suggestions_for_QMS_customer_focus}}

Quality policy

Information: {{form.QMS_quality_policy_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_quality_policy?}}

Recorded conformities: {{form.Record_conformities_for_QMS_quality_policy}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_quality_policy_2}}

Suggestions: {{form.Suggestions_for_QMS_quality_policy}}

Organizational roles and responsibilities

Information: {{form.QMS_roles_and_responsibilities_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_roles_and_responsibilities?}}

Recorded conformities: {{form.Record_conformities_for_QMS_roles_and_responsibilities}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_roles_and_responsibilities_2}}

Suggestions: {{form.Suggestions_for_QMS_roles_and_responsibilities}}

---

QMS planning

---

Documentation of risks and opportunities

Risks information: {{form.QMS_risks_information}}

Procedures for risk mitigation information: {{form.Procedures_for_risk_mitigation_information}}

Opportunities information: {{form.QMS_opportunities_information}}

Procedures for engaging opportunities information: {{form.Procedures_for_engaging_opportunities_information}}

Any nonconformities?: {{form.Nonconformity_with_documentation_of_QMS_risks_and_opportunities?}}

Recorded conformities: {{form.Record_conformities_for_QMS_risks_and_opportunities}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_risks_and_opportunities_2}}

Suggestions: {{form.Suggestions_for_QMS_risks_and_opportunities}}

Quality objectives

Information: {{form.QMS_quality_objectives_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_quality_objectives?}}

Recorded conformities: {{form.Record_conformities_for_QMS_quality_objectives}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_quality_objectives}}

Suggestions: {{form.Suggestions_for_QMS_quality_objectives}}

Procedures for change to QMS

Information: {{form.Procedures_for_change_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_change?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_change}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_change_2}}

Suggestions: {{form.Suggestions_for_procedures_for_change}}

---

Support

---

Organization and allocation of QMS resources

Information: {{form.Organization_and_allocation_of_resources_information}}

Any nonconformities?: {{form.Nonconformity_for_organization_and_allocation_of_resources?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_allocation_of_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_allocation_of_resources_2}}

Suggestions: {{form.Suggestions_for_organization_and_allocation_of_resources}}

HR integration

Information: {{form.HR_integration_information}}

Any nonconformities?: {{form.Nonconformity_with_HR_integration?}}

Recorded conformities: {{form.Record_conformities_for_HR_integration}}

Recorded nonconformities: {{form.Record_nonconformities_for_HR_integration_2}}

Suggestions: {{form.Suggestions_for_HR_integration}}

QMS infrastructure

Information: {{form.QMS_infrastructure_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_infrastructure?}}

Recorded conformities: {{form.Record_conformities_for_QMS_infrastructure}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_infrastructure_2}}

Suggestions: {{form.Suggestions_for_QMS_infrastructure}}

QMS work environment

Information: {{form.QMS_work_environment_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_work_environment?}}

Recorded conformities: {{form.Record_conformities_for_QMS_work_environment}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_work_environment_2}}

Suggestions: {{form.Suggestions_for_QMS_work_environment}}

Systems for monitoring and measurement of resources

Information: {{form.Systems_for_monitoring_and_measuring_resources_information}}

Any nonconformities?: {{form.Nonconformity_with_systems_for_monitoring_and_measuring_resources?}}

Recorded conformities: {{form.Record_conformities_for_systems_for_monitoring_and_measuring_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_resources_2}}

Suggestions: {{form.Suggestions_for_monitoring_and_measuring_resources}}

Organizational knowledge of the QMS

Information: {{form.Organizational_knowledge_of_QMS_information}}

Any nonconformities?: {{form.Nonconformity_with_organizational_knowledge_of_QMS_informaiton?}}

Recorded conformities: {{form.Record_conformities_for_organizational_knowledge_of_QMS_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_organizational_knowledge_of_QMS_information_2}}

Suggestions: {{form.Suggestions_for_organizational_knowledge_of_QMS_information}}

QMS competence

Information: {{form.QMS_competence_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_competence?}}

Recorded conformities: {{form.Record_conformities_for_QMS_competence}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_competence_2}}

Suggestions: {{form.Suggestions_for_QMS_competence}}

QMS awareness

Information: {{form.QMS_awareness_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_awareness?}}

Recorded conformities: {{form.Record_conformities_for_QMS_awareness}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_awareness_2}}

Suggestions: {{form.Suggestions_for_QMS_awareness}}

Communication of QMS within the organization

Information: {{form.Communication_of_QMS_information}}

Any nonconformities?: {{form.Nonconformity_with_communication_of_QMS?}}

Recorded conformities: {{form.Record_conformities_for_communication_of_QMS}}

Recorded nonconformities: {{form.Record_nonconformities_for_communication_of_QMS_2}}

Suggestions: {{form.Suggestions_for_communication_of_QMS}}

Documented information

Information: {{form.Documented_information_notes}}

Any nonconformities?: {{form.Nonconformity_with_documented_information?}}

Recorded conformities: {{form.Record_conformities_for_documented_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_documented_information_2}}

Suggestions: {{form.Suggestions_for_documented_information}}

---

Operation

---

Process control

Information: {{form.Process_control_information}}

Any nonconformities?: {{form.Nonconformity_with_process_control?}}

Recorded conformities: {{form.Record_conformities_for_process_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_process_control_2}}

Suggestions: {{form.Suggestions_for_process_control}}

Determination of requirements for products and services

Information: {{form.Determination_of_requirements_for_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_determination_of_requirements_for_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_determination_of_requirements_for_product_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_determination_of_requirements_for_product_and_services_2}}

Suggestions: {{form.Suggestions_for_determination_of_requirements_for_product_and_services}}

Design and development of products and services

Information: {{form.Design_and_development_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_design_and_development_of_products_and_services}}

Design and development inputs

Information: {{form.Design_and_development_inputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_inputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_inputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_inputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_inputs}}

Design and development controls

Information: {{form.Design_and_development_controls_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_controls?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_controls}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_controls_2}}

Suggestions: {{form.Suggestions_for_design_and_development_controls}}

Design and development outputs

Information: {{form.Design_and_development_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_outputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_outputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_outputs}}

Design and development changes

Information: {{form.Design_and_development_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_changes?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_changes_2}}

Suggestions: {{form.Suggestions_for_design_and_development_changes}}

Control of externally provided products and services

Information: {{form.Control_of_externally_provided_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_externally_provided_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_control_of_externally_provided_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_externally_provided_products_and_services_2}}

Suggestions: {{form.Suggestions_for_control_of_externally_provided_products_and_services}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Identification and traceability of production control

Information: {{form.Identification_and_traceability_of_production_control_information}}

Any nonconformities?: {{form.Nonconformity_with_identification_and_traceability_of_production_control?}}

Recorded conformities: {{form.Record_conformities_for_identification_and_traceability_of_production_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_identification_and_traceability_of_production_control_2}}

Suggestions: {{form.Suggestions_for_identification_and_traceability_of_production_control}}

Control of external provider/customer property

Information: {{form.Control_of_external_provider/customer_property_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_external_provider/customer_property?}}

Recorded conformities: {{form.Record_conformities_for_control_of_external_provider/customer_property}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_external_provider/customer_property_2}}

Suggestions: {{form.Suggestions_for_control_of_external_provider/customer_property}}

Preservation procedures

Information: {{form.Preservation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_preservation_procedures?}}

Recorded conformities: {{form.Record_conformities_for_preservation_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_preservation_procedures_2}}

Suggestions: {{form.Suggestions_for_preservation_procedures}}

Post-delivery activities

Information: {{form.Post-delivery_activities_information}}

Any nonconformities?: {{form.Nonconformity_with_post-delivery_activities?}}

Recorded conformities: {{form.Record_conformities_for_post-delivery_activities}}

Recorded nonconformities: {{form.Record_nonconformities_for_post-delivery_activities_2}}

Suggestions: {{form.Suggestions_for_post-delivery_activities}}

Control of changes

Information: {{form.Control_of_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_changes?}}

Recorded conformities: {{form.Record_conformities_for_control_of_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_changes_2}}

Suggestions: {{form.Suggestions_for_control_of_changes}}

Release of products and services

Information: {{form.Release_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_release_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_release_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_release_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_release_of_products_and_services}}

Control of nonconforming outputs

Information: {{form.Control_of_nonconforming_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_nonconforming_outputs?}}

Recorded conformities: {{form.Record_conformities_for_control_of_nonconforming_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_nonconforming_outputs_2}}

Suggestions: {{form.Suggestions_for_control_of_nonconforming_outputs}}

---

Performance evaluation

---

QMS performance evaluation

Information: {{form.QMS_performance_evaluation_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_performance_evaluation?}}

Recorded conformities: {{form.Record_conformities_for_QMS_performance_evaluation}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_performance_evaluation_2}}

Suggestions: {{form.Suggestions_for_QMS_performance_evaluation}}

Customer satisfaction

Information: {{form.Customer_satisfaction_information}}

Any nonconformities?: {{form.Nonconformity_with_customer_satisfaction?}}

Recorded conformities: {{form.Record_conformities_for_customer_satisfaction}}

Recorded nonconformities: {{form.Record_nonconformities_for_customer_satisfaction_2}}

Suggestions: {{form.Suggestions_for_customer_satisfaction}}

Performance analysis and evaluation procedures

Information: {{form.Performance_analysis_and_evaluation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_performance_analysis_and_evaluation_of_procedures?}}

Recorded conformities: {{form.Record_conformities_for_performance_analysis_and_evaluation_of_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_performance_analysis_and_evaluation_of_procedures_2}}

Suggestions: {{form.Suggestions_for_performance_analysis_and_evaluation_of_procedures}}

Internal audit procedures

Information: {{form.Internal_audit_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_internal_audit_procedures?}}

Recorded conformities: {{form.Record_conformities_for_internal_audit_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_internal_audit_procedures_2}}

Suggestions: {{form.Suggestions_for_internal_audit_procedures}}

Management review procedures

Information: {{form.Management_review_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_management_review_procedures?}}

Recorded conformities: {{form.Record_conformities_for_management_review_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_management_review_procedures_2}}

Suggestions: {{form.Suggestions_for_management_review_procedures}}

---

Improvement

---

Procedures for nonconformity and corrective action

Information: {{form.Procedures_for_nonconformity_and_corrective_action_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_nonconformity_and_corrective_action?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_nonconformity_and_corrective_action}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_nonconformity_and_corrective_action_2}}

Suggestions: {{form.Suggestions_for_procedures_for_nonconformity_and_corrective_action}}

Procedures for continuous improvement

Information: {{form.Procedures_for_continuous_improvement_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_continuous_improvement?}}

Recorded conformities: {{form.Record_conformities_for_continuous_improvement_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_continuous_improvement_procedures_2}}

Suggestions: {{form.Suggestions_for_continuous_improvement_procedures}}

Audit reports should be issued within 24 hours of the audit to ensure the auditee is given opportunity to take corrective action in a timely, thorough fashion

If the report is issued several weeks after the audit, it will typically be lumped onto the “to-do” pile, and much of the momentum of the audit, including discussions of findings and feedback from the auditor, will have faded.

The lead auditor should prepare the audit report.

This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been evaluated against criteria.

The audit report is the final record of the audit; the high-level document that clearly outlines a complete, concise, clear record of everything of note that happened during the audit.

Use the sub-checklist below to check off important items included within the audit report:

Use the form field below to upload the completed audit report.

As stressed in the previous task, that the audit report is distributed in a timely manner is one of the most important aspects of the entire audit process.

Use the email widget below to quickly and easily distribute the audit report to all relevant interested parties.

By default, the widget will send the report to:

• The auditee main point of contact (Auditee main point of contact)
• The audit programme manager (Audit programme manager email
• The lead auditor (Lead auditor email)

Should you want to distribute the report to additional interested parties, simply add their email addresses to the email widget below:

Depending on the outcome of the audit, there may be a need for follow-up action.

Follow-up action might include:

• Corrective action in response to nonconformities
• Opportunities for improvement
• Actions to address risks and opportunities

A time-frame should be agreed upon between the audit team and auditee within which to carry out follow-up action.

As part of the follow-up actions, the auditee will be responsible for keeping the audit team informed of any relevant activities undertaken within the agreed time-frame. The completion and effectiveness of these actions will need to be verified – this may be part of a subsequent audit.

In any case, recommendations for follow-up action should be prepared ahead of the closing meetingand shared accordingly with relevant interested parties.

Use the form fields below to record follow-up action suggestions.

Before the closing meeting, the audit team should make adequate preparations.

Make sure the following items are resolved ahead of the closing meeting:

Just like the opening meeting, it’s a great idea to conduct a closing meeting to orient everyone with the proceedings and outcome of the audit, and provide a firm resolution to the whole process.

The main point of the closing meeting should be to present audit findings and conclusions.

Lead auditors should be responsible for presenting audit findings and conclusions.

You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant interested parties are in attendance at the closing meeting:

Once attendance has been taken, the lead auditor should go over the complete audit report, with special attention placed on:

Depending on the situation and context of the audit, formality of the closing meeting can vary.

For more formal audits, minutes and records of attendance can be kept.

For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit findings and audit conclusions.

In any case, during the course of the closing meeting, the following should be clearly communicated to the auditee:

The audit is to be considered formally complete when all planned activities and tasks have been completed, and any recommendations or future actions have been agreed upon with the audit client.

All information documented during the course of the audit should be retained or disposed of, depending on:

• The nature of the information (sensitive, proprietary, etc.)
• Requirements for particular management system standards
• Any other agreements between relevant interested parties

It should be assumed that any information collected during the audit should not be disclosed to external parties without written approval of the auditee/audit client.

However, it may sometimes be a legal requirement that certain information be disclosed. Should that be the case, the auditee/audit client must be informed as soon as possible.

• ISO – ISO 9001:2015
• ISO – ISO 45001:2018
• ISO – ISO 27001:2013
• ISO – ISO 26000:2010
• ISO – ISO 19011:2018
• ISO – Consolidated ISO Supplement
• ISO – Management System Standards
• Samuel O. Idowu, Catalina Sitnikov, Lars Moratis – ISO 26000 – A Standardized View on Corporate Social Responsibility
• Martin Hinsch – ISO 9001:2015 for Everyday Operations
• David Lilburn Watson, Andrew Jones – Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements

• ISO 19011 Management Systems Audit Checklist
• ISO 45001 Occupational Health and Safety (OHS) Audit Checklist
• ISO 27001 Information Security Management System (ISO 27K ISMS) Audit Checklist
• ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist
• ISO 9000 Structure Template
• ISO 9000 Marketing Procedures
• ISO 14001 Environmental Management Self Audit Checklist
• ISO 14001 EMS Structure Template
• ISO 14001 EMS Mini-Manual Procedures
• ISO 26000 Social Responsibility Performance Assessment Checklist
• FMEA Template: Failure Mode and Effects Analysis
• SWOT Analysis Template