Introduction:

There are four main objectives of an ISO 9001 audit:

  • To verify opportunities to improve the QMS,
  • To verify conformance to applicable standards,
  • To verify conformance to documented processes and procedures,
  • To verify effectiveness of business processes.

This checklist is not intended to be a script that the auditor follows verbatim. Rather, it should be used as a tool to ensure that the basic requirements have been addressed and that adequate evidence has been recorded.

"The most effective audits are those during which auditors simply talk with the auditees to learn everything they can about the process being audited." - Ann W. Phillips, from ISO 9001:2015 Internal Audits Made Easy

This checklist is designed as a supplement, and is not intended to replace ISO 9001.

For best results, users are encouraged to edit the checklist and modify the contents to best suit their use cases, as it cannot provide specific guidance on the particular risks and controls applicable to every situation.

Typically, management system auditors will prepare custom checklists that reflect the specific scope, scale, and objectives of the quality management system being audited.

Enter basic details

Before beginning preparations for the audit, enter some basic details using the form fields below.

Audit programme manager information

Auditee information

If this process involves multiple people, you can use the members form field to allow the person running this checklist to select and assign additional individuals.

For example, if management is running this checklist, they may wish to assign the lead internal auditor after completing the basic audit details.

Preparing for the audit:

Establish context of the audit

In order to understand the context of the audit, the audit programme manager should take into account the auditee’s:

  • 1
    Business goals and objectives
  • 2
    Relevant external and internal issues
  • 3
    The needs and expectations of relevant interested parties
  • 4
    Information security and confidentiality requirements of the quality management system

Record the context of the audit in the form field below.

Establish objectives of the audit

The audit programme manager needs to establish objectives of the QMS audit.

Individual audit objectives need to be consistent with the context of the auditee, including the following factors:

  • 1
    Extent of the QMS to be audited
  • 2
    Capacity of the QMS to help the organization to meet relevant regulatory requirements
  • 3
    Effectiveness of the QMS in producing its intended results
  • 4
    Opportunities for QMS improvements
  • 5
    Suitability of the QMS with respect to overall strategic context and business objectives of the auditee

Establish scope of the audit

Audit scope should be consistent with the context of the auditee.

Consider the following factors, and define the audit scope in the form field below:

  • 1
    Audit location
  • 2
    Audit function
  • 3
    Audit activities
  • 4
    Processes to be audited
  • 5
    Audit time-frame

Establish criteria of the audit

For individual audits, criteria should be defined to be used as a reference against which conformity will be determined.

Individual audit criteria might include:

  • 1
    Relevant policies
  • 2
    Processes and standard operating proceudures
  • 3
    Performance objectives and KPIs
  • 4
    Statutory and other relevant regulatory requirements
  • 5
    Management system requirements (e.g. other ISO standards)
  • 6
    Risks and opportunities as determined by the auditee
  • 7
    Internal codes of conduct

Record individual audit criteria in the form field below:

Ensure audit monitoring systems are in place

Audit programme managers should also make sure that tools and systems are in place to ensure adequate monitoring of the audit and all relevant activities.

Relevant activities to be monitored might include any of the following:

  • 1
    Timeliness of the audit (whether deadlines and schedules are being met)
  • 2
    Performance of the audit team members (including lead auditor)
  • 3
    Successful implementation of audit plans
  • 4
    Feedback from auditee and other relevant parties
  • 5
    Documentation of audit activities

Request documented information from auditee

Request all existing relevant QMS documentation from the auditee. You can use the form field below to quickly and easily request this information

Assign audit roles and responsibilities:

Assign audit team

Audit programme managers should assign audit team members.

When deciding on your audit team, consider the following:

  • 1
    Overall competence required by the audit team
  • 2
    Audit complexity
  • 3
    Combined or joint audit?
  • 4
    Audit methods
  • 5
    Ability of the audit team to work and interact effectively with the auditee
  • 6
    Relevant internal and external issues (e.g. auditee language barriers)
  • 7
    Type and complexity of processes to be audited (do they require specialized knowledge?)

Use the members fields below to assign audit team members.

Should you require fewer or more audit team members, edit this template to your requirements.

Assign audit team lead

Audit programme managers should be responsible for assigning the audit team leader.

This should be done well ahead of the scheduled date of the audit, to be sure that planning can take place in a timely manner.

dynamic due date has been set for this task, for one month before the scheduled start date of the audit.

Use the form fields below to record the details of the lead auditor.

Reviewing documented information:

Review auditee's documented information

The lead auditor should obtain and review all documentation of the auditee's management system.

This will help to prepare for individual audit activities, and will serve as a high-level overview from which the lead auditor will be able to better identify and understand areas of concern or nonconformity.

Documented information is an umbrella term that could refer to:

  • Processes (either recorded on paper or with software)
  • Management system documents and records
  • Previous audit reports

The above list is by no means exhaustive. The lead auditor should also take into account individual audit scope, objectives, and criteria.

Reference material, such as individual ISO standards, will be useful at this point.

Using the form-fields below, record any issues of nonconformities observed.

(Conditional) Resolve documented information issue(s)

Using the form field below, describe the issue(s) with documented information so far, and the steps taken to resolve the issue(s). 

Prepare an audit plan

The lead auditor should prepare an audit plan for the individual audit.

This plan should involve the following components and considerations:

  • 1
    Roles and responsibilities of each audit team member
  • 2
    Risk-based approach to audit planning
  • 3
    Scheduling and coordination of audit activities
  • 4
    Scope and complexity of the audit
  • 5
    Sampling techniques for collecting evidence
  • 6
    Opportunities for improvement
  • 7
    Risks of inadequate planning
  • 8
    Impact of the audit on auditee activities

Assign work to audit team

The lead auditor should assign work to the audit team.

Work to be assigned should be outlined in the audit plan.

You can use Process Street's task assignment feature to assign specific tasks in this checklist to individual members of your audit team.

Initiating the audit:

Make arrangements with the auditee

The lead auditor should make contact with the auditee and ensure the following:

  • 1
    Basic introduction and clear outline of lead auditor roles and responsibilities
  • 2
    Clarify the methods of communication
  • 3
    Permission has been granted to proceed with the audit
  • 4
    The auditee understands the audit programme so far
  • 5
    Relevant information is accessible to all parties involved with the audit
  • 6
    Request access to additional relevant information
  • 7
    Determine if there are any additional regulatory requirements that will impact audit activities
  • 8
    Confirm information security policies
  • 9
    Confirm audit scheduling
  • 10
    Location-specific arrangements are made
  • 11
    Auditee understands requirements for additional observers/guides etc.
  • 12
    Risk areas of note are communicated
  • 13
    Outstanding issues are resolved

Any scheduling of audit activities should be made well in advance.

For example, the dates of the opening and closing meetings should be provisionally declared for planning purposes.

Conduct open meeting

An opening meeting between the auditee and all relevant parties should be held.

It's advised that the opening meeting should be led by the lead auditor.

The scheduling for this meeting should have already been determined earlier in the checklist.

During the opening meeting, confirm the following with all relevant parties:

  • 1
    Audit programme plans
  • 2
    Individual audit scope
  • 3
    Individual audit objectives
  • 4
    Individual audit criteria
  • 5
    Individual audit plans
  • 6
    Roles and responsibilities of the audit team
  • 7
    That all planned activities can be performed, and proper authorization is acquired
  • 8
    Language of the audit
  • 9
    Information security protocol
  • 10
    Relevant access and arrangements for the audit team
  • 11
    Notable on-site activities that could impact audit process

Typically, such an opening meeting will involve the auditee's management, as well as crucial actors or specialists in relation to processes and procedures to be audited.

This meeting is a great opportunity to ask any questions about the audit process and generally clear the air of uncertainties or reservations.

Depending on the size and scope of the audit (and as such the organization being audited) the opening meeting might be as simple as announcing that the audit is starting, with a simple explanation of the nature of the audit.

Familiarity of the auditee with the audit process is also an important factor in determining how extensive the opening meeting should be.

During the opening meeting, the following items should be clearly communicated:

  • 1
    Methods for reporting and communicating audit progress
  • 2
    Conditions of audit termination
  • 3
    Procedures for dealing with audit findings during the audit
  • 4
    Procedures for receiving feedback from the auditee in response to findings during the audit

Ensure relevant audit information is accessible

Where, when, and how information is accessible is a crucial factor during the audit.

It's important to make clear where all relevant interested parties can find important audit information.

Make sure important information is readily accessible by recording the location in the form fields of this task.

You may want to consider uploading important information to a secure central repository (URL) that can be easily shared to relevant interested parties.

Audits can store important information both physically and/or virtually.

Collecting evidence (context of the organization):

Assess the organization and its context

Understanding the context of the organization is necessary when developing a quality management system in order to identify, analyze, and understand the business environment in which the organization conducts its business and realizes its product.

Record information pertaining to the organization and its context in the form fields below.

Assess needs and expectations of interested parties

Provide a record of evidence gathered relating to the needs and expectations of interested parties in the form fields below.

Assess scope of QMS

The scope of the QMS is basically a description of the processes, procedures, services, and products that the QMS applies to.

Provide a record of evidence gathered relating to the QMS scope in the form fields below.

Collecting evidence (leadership):

Assess leadership of the QMS

Provide a record of evidence gathered relating to the QMS leadership in the form fields below.

Assess customer focus

Provide a record of evidence gathered relating to the QMS customer focus in the form fields below.

Assess quality policy

Provide a record of evidence gathered relating to the QMS quality policy in the form fields below.

Assess organizational roles and responsibilities

Provide a record of evidence gathered relating to the organizational roles, responsibilities, and authorities of the QMS in the form fields below.

Collecting evidence (QMS planning):

Assess documentation of risks and opportunities

Provide a record of evidence gathered relating to the documentation of risks and opportunities in the QMS using the form fields below.

Assess quality objectives

Provide a record of evidence gathered relating to the QMS quality objectives in the form fields below.

Assess procedures for changes to QMS

Provide a record of evidence gathered relating to the QMS procedures for implementing changes in the form fields below.

Collecting evidence (support):

Assess organization and allocation of QMS resources

Provide a record of evidence gathered relating to the QMS organization and allocation of resources in the form fields below.

Assess HR integration with QMS

Provide a record of evidence gathered relating to the integration of HR within the QMS using the form fields below.

Assess QMS infrastructure

Provide a record of evidence gathered relating to the QMS infrastructure in the form fields below.

Assess QMS work environment

Provide a record of evidence gathered relating to the QMS work environment in the form fields below.

Assess systems for monitoring and measurement of resources

Provide a record of evidence gathered relating to the QMS systems for monitoring and measuring resources using the form fields below.

Assess organizational knowledge of the QMS

Provide a record of evidence gathered relating to the QMS organizational knowledge in the form fields below.

Assess QMS competence

Provide a record of evidence gathered relating to the QMS competence in the form fields below.

Assess QMS awareness

Provide a record of evidence gathered relating to the QMS awareness in the form fields below.

Assess communication of QMS within the organization

Provide a record of evidence gathered relating to the communication of the QMS within the organization using the form fields below.

Assess documented information

Provide a record of evidence gathered relating to the documented information of the QMS in the form fields below.

Collecting evidence (operation):

Assess process control

Provide a record of evidence gathered relating to the QMS process control in the form fields below.

Assess determination of requirements for products and services

Provide a record of evidence gathered relating to the determination of specific requirements for products and services within the QMS in the form fields below.

Assess design and development of products and services

Provide a record of evidence gathered relating to the development and design of products and services within the QMS in the form fields below.

Assess design and development inputs

Provide a record of evidence gathered relating to the design and development inputs of the QMS in the form fields below.

Assess design and development controls

Provide a record of evidence gathered relating to the design and development controls of the QMS in the form fields below.

Assess design and development outputs

Provide a record of evidence gathered relating to the design and development outputs of the QMS in the form fields below.

Assess design and development changes

Provide a record of evidence gathered relating to the design and development changes of the QMS in the form fields below.

Assess control of externally provided products and services

Provide a record of evidence gathered relating to externally provided products and services within the QMS using the form fields below.

Assess type and extent of control

Provide a record of evidence gathered relating to type and extent of control in the QMS using the form fields below.

Assess information for external providers

Provide a record of evidence gathered relating to the information for external providers of the QMS using the form fields below.

Assess control of production and service provision

Provide a record of evidence gathered relating to the control of production and services provision of the QMS using the form fields below.

Assess identification and traceability of production control

Provide a record of evidence gathered relating to the identification and traceability of production control of the QMS using the form fields below.

Assess control of external provider/customer property

Provide a record of evidence gathered relating to the control of external provider (or customer) property in the QMS using the form fields below.

Assess preservation procedures

Provide a record of evidence gathered relating to the preservation procedures documented and implemented by the QMS using the form fields below.

Assess post-delivery activities

Provide a record of evidence gathered relating to the post-delivery activities documented and implemented by the QMS using the form fields below.

Assess control of changes

Provide a record of evidence gathered relating to the documentation and implementation of control of changes in the QMS using the form fields below.

Assess release of products and services

Provide a record of evidence gathered relating to the documentation and implementation of release of products and services in the QMS using the form fields below.

Assess control of nonconforming outputs

Provide a record of evidence gathered relating to the documentation and implementation of control of nonconforming outputs in the QMS using the form fields below.

Collecting evidence (performance evaluation):

Assess QMS performance evaluation

Provide a record of evidence gathered relating to the documentation and implementation of performance evaluation in the QMS using the form fields below.

Assess customer satisfaction

Provide a record of evidence gathered relating to the documentation and implementation of customer satisfaction in the QMS using the form fields below.

Assess performance analysis and evaluation procedures

Provide a record of evidence gathered relating to the documentation and implementation of performance analysis and evaluation procedures in the QMS using the form fields below.

Assess internal audit procedures

Provide a record of evidence gathered relating to the documentation and implementation of internal audit procedures in the QMS using the form fields below.

Assess management review procedures

Provide a record of evidence gathered relating to the documentation and implementation of management review procedures in the QMS using the form fields below.

Collecting evidence (improvement):

Assess procedures for nonconformity and corrective action

Provide a record of evidence gathered relating to the documentation and implementation of procedures for nonconformity and corrective action in the QMS using the form fields below.

Assess procedures for continuous improvement

Provide a record of evidence gathered relating to the documentation and implementation of procedures for continuous improvement in the QMS using the form fields below.

Audit findings:

Review audit evidence and findings

So far, you'll have made records of the auditee's documentation and implementation of QMS policies and procedures using the form fields in the completed tasks so far (audit evidence).

You should also have made notes on both conformities and nonconformities alongside relevant suggestions for corrective action or opportunities for improvement (audit findings).

Below is an overview of the audit so far.

This is an approval task. The audit program manager can look through the audit findings and approve, reject or reject with notes, as required.

The approval task is a stop task, meaning a continuation of this ISO 9001 Internal Audit Checklist for Quality Management Systems is not possible until the approval task is complete.


Context of the organization


Organization and its context

Internal issues: {{form.Internal_issues_information}}

External issues: {{form.External_issues_information}}

Relevant interested parties: {{form.Relevant_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_organization_and_its_context?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_its_context}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_its_context_2}}

Suggestions: {{form.Suggestions_for_organization_and_its_context}}

Needs and expectations of interested parties

Information: {{form.Needs_and_expectations_of_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_needs_and_expectations_of_interested_parties?}}

Recorded conformities: {{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}

Recorded nonconformities: {{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties_2}}

Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}

QMS scope

Information: {{form.QMS_scope_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_scope?}}

Recorded conformities: {{form.Record_conformities_for_QMS_scope}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_scope_2}}

Suggestions: {{form.Suggestions_for_QMS_scope}}


Leadership


QMS leadership

Information: {{form.QMS_leadership_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_leadership?}}

Recorded conformities: {{form.Record_conformities_for_QMS_leadership}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_leadership_2}}

Suggestions: {{form.Suggestions_for_QMS_leadership}}

Customer focus

Information: {{form.QMS_customer_focus_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_customer_focus?}}

Recorded conformities: {{form.Record_conformities_for_QMS_customer_focus}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_customer_focus_2}}

Suggestions: {{form.Suggestions_for_QMS_customer_focus}}

Quality policy

Information: {{form.QMS_quality_policy_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_quality_policy?}}

Recorded conformities: {{form.Record_conformities_for_QMS_quality_policy}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_quality_policy_2}}

Suggestions: {{form.Suggestions_for_QMS_quality_policy}}

Organizational roles and responsibilities

Information: {{form.QMS_roles_and_responsibilities_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_roles_and_responsibilities?}}

Recorded conformities: {{form.Record_conformities_for_QMS_roles_and_responsibilities}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_roles_and_responsibilities_2}}

Suggestions: {{form.Suggestions_for_QMS_roles_and_responsibilities}}


QMS planning


Documentation of risks and opportunities

Risks information: {{form.QMS_risks_information}}

Procedures for risk mitigation information: {{form.Procedures_for_risk_mitigation_information}}

Opportunities information: {{form.QMS_opportunities_information}}

Procedures for engaging opportunities information: {{form.Procedures_for_engaging_opportunities_information}}

Any nonconformities?: {{form.Nonconformity_with_documentation_of_QMS_risks_and_opportunities?}}

Recorded conformities: {{form.Record_conformities_for_QMS_risks_and_opportunities}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_risks_and_opportunities_2}}

Suggestions: {{form.Suggestions_for_QMS_risks_and_opportunities}}

Quality objectives

Information: {{form.QMS_quality_objectives_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_quality_objectives?}}

Recorded conformities: {{form.Record_conformities_for_QMS_quality_objectives}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_quality_objectives}}

Suggestions: {{form.Suggestions_for_QMS_quality_objectives}}

Procedures for change to QMS

Information: {{form.Procedures_for_change_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_change?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_change}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_change_2}}

Suggestions: {{form.Suggestions_for_procedures_for_change}}


Support


Organization and allocation of QMS resources

Information: {{form.Organization_and_allocation_of_resources_information}}

Any nonconformities?: {{form.Nonconformity_for_organization_and_allocation_of_resources?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_allocation_of_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_allocation_of_resources_2}}

Suggestions: {{form.Suggestions_for_organization_and_allocation_of_resources}}

HR integration

Information: {{form.HR_integration_information}}

Any nonconformities?: {{form.Nonconformity_with_HR_integration?}}

Recorded conformities: {{form.Record_conformities_for_HR_integration}}

Recorded nonconformities: {{form.Record_nonconformities_for_HR_integration_2}}

Suggestions: {{form.Suggestions_for_HR_integration}}

QMS infrastructure

Information: {{form.QMS_infrastructure_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_infrastructure?}}

Recorded conformities: {{form.Record_conformities_for_QMS_infrastructure}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_infrastructure_2}}

Suggestions: {{form.Suggestions_for_QMS_infrastructure}}

QMS work environment

Information: {{form.QMS_work_environment_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_work_environment?}}

Recorded conformities: {{form.Record_conformities_for_QMS_work_environment}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_work_environment_2}}

Suggestions: {{form.Suggestions_for_QMS_work_environment}}

Systems for monitoring and measurement of resources

Information: {{form.Systems_for_monitoring_and_measuring_resources_information}}

Any nonconformities?: {{form.Nonconformity_with_systems_for_monitoring_and_measuring_resources?}}

Recorded conformities: {{form.Record_conformities_for_systems_for_monitoring_and_measuring_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_resources_2}}

Suggestions: {{form.Suggestions_for_monitoring_and_measuring_resources}}

Organizational knowledge of the QMS

Information: {{form.Organizational_knowledge_of_QMS_information}}

Any nonconformities?: {{form.Nonconformity_with_organizational_knowledge_of_QMS_informaiton?}}

Recorded conformities: {{form.Record_conformities_for_organizational_knowledge_of_QMS_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_organizational_knowledge_of_QMS_information_2}}

Suggestions: {{form.Suggestions_for_organizational_knowledge_of_QMS_information}}

QMS competence

Information: {{form.QMS_competence_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_competence?}}

Recorded conformities: {{form.Record_conformities_for_QMS_competence}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_competence_2}}

Suggestions: {{form.Suggestions_for_QMS_competence}}

QMS awareness

Information: {{form.QMS_awareness_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_awareness?}}

Recorded conformities: {{form.Record_conformities_for_QMS_awareness}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_awareness_2}}

Suggestions: {{form.Suggestions_for_QMS_awareness}}

Communication of QMS within the organization

Information: {{form.Communication_of_QMS_information}}

Any nonconformities?: {{form.Nonconformity_with_communication_of_QMS?}}

Recorded conformities: {{form.Record_conformities_for_communication_of_QMS}}

Recorded nonconformities: {{form.Record_nonconformities_for_communication_of_QMS_2}}

Suggestions: {{form.Suggestions_for_communication_of_QMS}}

Documented information

Information: {{form.Documented_information_notes}}

Any nonconformities?: {{form.Nonconformity_with_documented_information?}}

Recorded conformities: {{form.Record_conformities_for_documented_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_documented_information_2}}

Suggestions: {{form.Suggestions_for_documented_information}}


Operation


Process control

Information: {{form.Process_control_information}}

Any nonconformities?: {{form.Nonconformity_with_process_control?}}

Recorded conformities: {{form.Record_conformities_for_process_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_process_control_2}}

Suggestions: {{form.Suggestions_for_process_control}}

Determination of requirements for products and services

Information: {{form.Determination_of_requirements_for_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_determination_of_requirements_for_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_determination_of_requirements_for_product_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_determination_of_requirements_for_product_and_services_2}}

Suggestions: {{form.Suggestions_for_determination_of_requirements_for_product_and_services}}

Design and development of products and services

Information: {{form.Design_and_development_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_design_and_development_of_products_and_services}}

Design and development inputs

Information: {{form.Design_and_development_inputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_inputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_inputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_inputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_inputs}}

Design and development controls

Information: {{form.Design_and_development_controls_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_controls?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_controls}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_controls_2}}

Suggestions: {{form.Suggestions_for_design_and_development_controls}}

Design and development outputs

Information: {{form.Design_and_development_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_outputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_outputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_outputs}}

Design and development changes

Information: {{form.Design_and_development_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_changes?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_changes_2}}

Suggestions: {{form.Suggestions_for_design_and_development_changes}}

Control of externally provided products and services

Information: {{form.Control_of_externally_provided_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_externally_provided_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_control_of_externally_provided_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_externally_provided_products_and_services_2}}

Suggestions: {{form.Suggestions_for_control_of_externally_provided_products_and_services}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Identification and traceability of production control

Information: {{form.Identification_and_traceability_of_production_control_information}}

Any nonconformities?: {{form.Nonconformity_with_identification_and_traceability_of_production_control?}}

Recorded conformities: {{form.Record_conformities_for_identification_and_traceability_of_production_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_identification_and_traceability_of_production_control_2}}

Suggestions: {{form.Suggestions_for_identification_and_traceability_of_production_control}}

Control of external provider/customer property

Information: {{form.Control_of_external_provider/customer_property_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_external_provider/customer_property?}}

Recorded conformities: {{form.Record_conformities_for_control_of_external_provider/customer_property}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_external_provider/customer_property_2}}

Suggestions: {{form.Suggestions_for_control_of_external_provider/customer_property}}

Preservation procedures

Information: {{form.Preservation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_preservation_procedures?}}

Recorded conformities: {{form.Record_conformities_for_preservation_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_preservation_procedures_2}}

Suggestions: {{form.Suggestions_for_preservation_procedures}}

Post-delivery activities

Information: {{form.Post-delivery_activities_information}}

Any nonconformities?: {{form.Nonconformity_with_post-delivery_activities?}}

Recorded conformities: {{form.Record_conformities_for_post-delivery_activities}}

Recorded nonconformities: {{form.Record_nonconformities_for_post-delivery_activities_2}}

Suggestions: {{form.Suggestions_for_post-delivery_activities}}

Control of changes

Information: {{form.Control_of_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_changes?}}

Recorded conformities: {{form.Record_conformities_for_control_of_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_changes_2}}

Suggestions: {{form.Suggestions_for_control_of_changes}}

Release of products and services

Information: {{form.Release_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_release_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_release_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_release_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_release_of_products_and_services}}

Control of nonconforming outputs

Information: {{form.Control_of_nonconforming_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_nonconforming_outputs?}}

Recorded conformities: {{form.Record_conformities_for_control_of_nonconforming_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_nonconforming_outputs_2}}

Suggestions: {{form.Suggestions_for_control_of_nonconforming_outputs}}


Performance evaluation


QMS performance evaluation

Information: {{form.QMS_performance_evaluation_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_performance_evaluation?}}

Recorded conformities: {{form.Record_conformities_for_QMS_performance_evaluation}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_performance_evaluation_2}}

Suggestions: {{form.Suggestions_for_QMS_performance_evaluation}}

Customer satisfaction

Information: {{form.Customer_satisfaction_information}}

Any nonconformities?: {{form.Nonconformity_with_customer_satisfaction?}}

Recorded conformities: {{form.Record_conformities_for_customer_satisfaction}}

Recorded nonconformities: {{form.Record_nonconformities_for_customer_satisfaction_2}}

Suggestions: {{form.Suggestions_for_customer_satisfaction}}

Performance analysis and evaluation procedures

Information: {{form.Performance_analysis_and_evaluation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_performance_analysis_and_evaluation_of_procedures?}}

Recorded conformities: {{form.Record_conformities_for_performance_analysis_and_evaluation_of_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_performance_analysis_and_evaluation_of_procedures_2}}

Suggestions: {{form.Suggestions_for_performance_analysis_and_evaluation_of_procedures}}

Internal audit procedures

Information: {{form.Internal_audit_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_internal_audit_procedures?}}

Recorded conformities: {{form.Record_conformities_for_internal_audit_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_internal_audit_procedures_2}}

Suggestions: {{form.Suggestions_for_internal_audit_procedures}}

Management review procedures

Information: {{form.Management_review_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_management_review_procedures?}}

Recorded conformities: {{form.Record_conformities_for_management_review_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_management_review_procedures_2}}

Suggestions: {{form.Suggestions_for_management_review_procedures}}


Improvement


Procedures for nonconformity and corrective action

Information: {{form.Procedures_for_nonconformity_and_corrective_action_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_nonconformity_and_corrective_action?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_nonconformity_and_corrective_action}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_nonconformity_and_corrective_action_2}}

Suggestions: {{form.Suggestions_for_procedures_for_nonconformity_and_corrective_action}}

Procedures for continuous improvement

Information: {{form.Procedures_for_continuous_improvement_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_continuous_improvement?}}

Recorded conformities: {{form.Record_conformities_for_continuous_improvement_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_continuous_improvement_procedures_2}}

Suggestions: {{form.Suggestions_for_continuous_improvement_procedures}}

Approval:

Closing the audit:

Prepare audit report

Audit reports should be issued within 24 hours of the audit to ensure the auditee is given opportunity to take corrective action in a timely, thorough fashion

If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do" pile, and much of the momentum of the audit, including discussions of findings and feedback from the auditor, will have faded.

The lead auditor should prepare the audit report.

This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been evaluated against criteria.

The audit report is the final record of the audit; the high-level document that clearly outlines a complete, concise, clear record of everything of note that happened during the audit.

Use the sub-checklist below to check off important items included within the audit report:

  • 1
    Audit programme objectives
  • 2
    Individual audit objectives
  • 3
    Individual audit scope
  • 4
    Individual audit criteria
  • 5
    An overview of the auditee & their context
  • 6
    Roles and responsibilities of the audit team
  • 7
    Key dates and locations of the audit
  • 8
    Complete audit findings and corresponding evidence
  • 9
    Audit conclusions
  • 10
    Assessment of audit criteria
  • 11
    Unresolved conflicts of opinion between audit team and auditee

Use the form field below to upload the completed audit report.

Issue audit report

As stressed in the previous task, that the audit report is distributed in a timely manner is one of the most important aspects of the entire audit process.

Use the email widget below to quickly and easily distribute the audit report to all relevant interested parties.

By default, the widget will send the report to:

  • The auditee main point of contact (Auditee main point of contact)
  • The audit programme manager (Audit programme manager email
  • The lead auditor (Lead auditor email)

Should you want to distribute the report to additional interested parties, simply add their email addresses to the email widget below:

(Conditional) Prepare for audit follow-up

Depending on the outcome of the audit, there may be a need for follow-up action.

Follow-up action might include:

  • Corrective action in response to nonconformities
  • Opportunities for improvement
  • Actions to address risks and opportunities

A time-frame should be agreed upon between the audit team and auditee within which to carry out follow-up action.

As part of the follow-up actions, the auditee will be responsible for keeping the audit team informed of any relevant activities undertaken within the agreed time-frame. The completion and effectiveness of these actions will need to be verified - this may be part of a subsequent audit.

In any case, recommendations for follow-up action should be prepared ahead of the closing meetingand shared accordingly with relevant interested parties.

Use the form fields below to record follow-up action suggestions.

Prepare for closing meeting

Before the closing meeting, the audit team should make adequate preparations.

Make sure the following items are resolved ahead of the closing meeting:

  • 1
    All audit findings are reviewed against audit objectives
  • 2
    Audit conclusions are agreed upon
  • 3
    Recommendations are prepared, if necessary
  • 4
    Follow-up action has been discussed and agreed upon

Conduct closing meeting

Just like the opening meeting, it's a great idea to conduct a closing meeting to orient everyone with the proceedings and outcome of the audit, and provide a firm resolution to the whole process.

The main point of the closing meeting should be to present audit findings and conclusions.

Lead auditors should be responsible for presenting audit findings and conclusions.

You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant interested parties are in attendance at the closing meeting:

  • 1
    Auditee management
  • 2
    Audit programme manager
  • 3
    Individuals responsible for the processes and procedures being audited
  • 4
    The audit client
  • 5
    All members of the audit team
  • 6
    Other relevant interested parties, as determined by the auditee/audit programme

Once attendance has been taken, the lead auditor should go over the complete audit report, with special attention placed on:

  • 1
    If applicable, first addressing any special occurrences or situations that might have impacted the reliability of audit conclusions
  • 2
    Making sure all present are familiar with or have access to the complete audit report
  • 3
    Making sure the auditee is familiar with the audit process
  • 4
    Confirming the time-frame for audit follow-up actions
  • 5
    Diverging opinions / disagreements in relation to audit findings between any relevant interested parties
  • 6
    Opportunities for improvement

Depending on the situation and context of the audit, formality of the closing meeting can vary.

For more formal audits, minutes and records of attendance can be kept.

For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit findings and audit conclusions.

In any case, during the course of the closing meeting, the following should be clearly communicated to the auditee:

  • 1
    That audit evidence is based on sample information, and therefore cannot be fully representative of the overall effectiveness of the processes being audited
  • 2
    The specific methods of audit reporting used
  • 3
    Complete audit findings and conclusions
  • 4
    Advice for how to proceed in light of audit findings
  • 5
    Consequences if audit findings are not addressed
  • 6
    Recommendations for post-audit follow-up activities
  • 7
    The fact that recommendations are not binding

Complete the audit

The audit is to be considered formally complete when all planned activities and tasks have been completed, and any recommendations or future actions have been agreed upon with the audit client.

All information documented during the course of the audit should be retained or disposed of, depending on:

  • The nature of the information (sensitive, proprietary, etc.)
  • Requirements for particular management system standards
  • Any other agreements between relevant interested parties

It should be assumed that any information collected during the audit should not be disclosed to external parties without written approval of the auditee/audit client.

However, it may sometimes be a legal requirement that certain information be disclosed. Should that be the case, the auditee/audit client must be informed as soon as possible.

Sources:

Disclaimer:

  1. Process Street is not affiliated or in partnership with the International Organization for Standardization (ISO). The materials on Process Street’s website are provided on an as-is basis and are for educational purposes. Process Street makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.

  2. Further, Process Street does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.

Sign up for a FREE account and
search thousands of checklists in our library.

Sign up for a FREE account and search thousands of checklists in our library.