Information

ISO 9001:2015 Internal Audit

  • Area/Location

  • Audit Reference:

  • Conducted on

  • Auditor (s)

  • Name (s) & Position:

  • Area Representative:

  • Name (s) & Position:

  • Audit:

  • Objective and Scope:

  • Audit Reference Criteria:

4 Context of the organization

4.1 Understanding the organization and its context

  • Verify how the organization has determined external and internal issues relevant to its purpose and strategic direction.

  • General Notes:

  • Verify how these issues affect the ability to achieve the intended result of the QMS.

  • General Notes:

  • Verify how the organization monitors and reviews information about these internal and external issues.

  • General Notes:

4.2 Understanding the needs and expectations of interested parties

  • Verify how organization determined relevant interested parties to QMS.

  • General Notes:

  • Verify how the organization has determined the relevant needs and expectations of interested parties.

  • General Notes:

  • Verify how the organization has determined the impact or potential impact of the interested parties.

  • General Notes:

  • Verify how the organization monitors and reviews information about interested parties and their relevant requirements.

  • General Notes:

4.3 Determining the scope of the quality management system

  • Verify the QMS scope considers the following:

  • External and internal issues.

  • The requirements of relevant interested parties.

  • The products and services of the organization.

  • General Notes:

  • Verify how the organization has determined how the ISO 9001:2015 standard is applied within the organization.

  • General Notes:

  • If the organization has determined any of the requirements of the ISO 9001:2015 standard not to be applicable, show me how conformity of products and services are not affected by this.

  • General Notes:

  • Verify QMS scope is documented.

  • General Notes:

  • Verify scope states what products and services are covered by the QMS and how it justifies instances where requirements cannot be applied.

  • General Notes:

4.4 Quality management system and its processes

  • Show me how the processes have been determined and how they interact.

  • General Notes:

  • Verify how the processes for the QMS were determine. Verify the inputs and outputs to the processes.

  • General Notes:

  • Verify the sequence and interaction of of the processes.

  • General Notes:

  • Verify the criteria, methods, measurement and related performance indicators needed to operate and control the processes.

  • General Notes:

  • Verify how resources are determined and allocated.

  • General Notes:

  • Verify how responsibilities and authorities are determined.

  • General Notes:

  • Verify how risks and opportunities are considered and what actions are taken to address them.

  • General Notes:

  • Verify what methods are used to monitor, measure and evaluate processes. Verify changes, if needed, are implemented to achieve intended results.

  • General Notes:

  • Verify how opportunities for improvement for the QMS and its processes are determined.

  • General Notes:

  • Reviewed documented information created to support the operation of its processes.

  • General Notes:

5 Leadership

5.1 Leadership and commitment

  • Top management is identified

  • General Notes:

  • Verify top management demonstrates leadership and commitment by

  • Taking accountability for QMS effectiveness

  • Ensuring the QMS policy and objectives are established and are compatible with strategic direction and context of organization

  • Ensuring the QMS is integrated into organization's business processes

  • Promoting the use of the process approach and risk-based thinking

  • Ensuring resources are available

  • Communicating the importance of effective QMS and of conforming to its requirements

  • Ensuring intended outcomes

  • Engaging, directing and supporting persons to contribute to the effectiveness of the QMS

  • Promoting continuous improvement

  • Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of respsonsibility

  • General Notes:

  • Verify how top management demonstrates leadership and commitment with respect to customer focus by ensuring that

  • customer and applicable statutory and regulatory requirements are determined, understood and consistently met.

  • the risks and opportunities that affect product and service conformity and the ability to enhance customer satisfaction are determined and addressed.

  • the focus of enhancing customer satisfaction is maintained.

  • General Notes:

5.2 Policy

  • Verify the quality policy ...

  • is appropriate to the purpose and context of the organization and supports its strategic direction.

  • provides a framework for setting quality objectives.

  • includes a commitment to satisfy applicable requirements.

  • includes a commitment to continual improvement of the QMS.

  • General Notes:

  • Verify QMS Policy is maintained as documented information.

  • General Notes:

  • Verify QMS Policy is communicated, understood and applied within the organization.

  • General Notes:

  • Verify QMS Policy is available to relevant interested parties.

  • General Notes:

5.3 Organizational roles, responsibilities and authorities

  • Verify responsibilities and authorities for relevant roles are assigned and communicated within the organization

  • General Notes:

  • Verify top management assigns responsibility and authority for..

  • ensuring the QMS conforms to the ISO 9001:2015 standard.

  • ensuring that processes are delivering their intended outputs.

  • reporting on the performance of the QMS and on opportunities for improvement, in particular to top management.

  • ensuring the promotion of customer focus throughout the organization.

  • ensuring the integrity of the QMS is maintained when changes to the QMS are planned and implemented.

  • General Notes:

6 Planning

6.1 Actions to address risks and opportunities

  • Verify how the internal and external issues and interested parties are considered when planning for the QMS?

  • General Notes:

  • Verify how risks and opportunities are determined and addressed so the QMS can achieve its intended results, prevent and reduce undesired effects and achieve continual improvement

  • General Notes:

  • Verify how actions are planned to address risks and opportunities.

  • General Notes:

  • Verify how actions are integrated and implemented into the QMS processes.

  • General Notes:

  • Verify how the organization evaluates the effectiveness of the actions.

  • General Notes:

  • Verify how actions are taken to address risks and opportunities determined as being appropriate to the potential impact on the conformity of products and services.

  • General Notes:

6.2 Quality objectives and planning to achieve them

  • Verify quality objectives are established at relevant functions, levels and processes.

  • General Notes:

  • Verify the quality objectives are..

  • consistent with the quality policy.

  • measurable.

  • taking into account applicable requirements.

  • relevant to the conformity of products and services and to the enhancement of customer satisfaction.

  • moinitored.

  • communicated.

  • updated as appropriate.

  • General Notes:

  • Verify objectives are documented.

  • General Notes:

  • Verify how the organization determines what will be done, with what resources, when completed and how the results will be evaluated for quality objectives.

  • General Notes:

6.3 Planning of changes

  • Verify how QMS changes are planned systematically.

  • General Notes:

  • Verify how the organization demonstrates the purpose and potential consequences of changes.

  • General Notes:

  • Verify how the organization considers the integrity of the QMS.

  • General Notes:

  • Verify how resources are made available.

  • General Notes:

  • Verify how responsibility and authority is allocated and reallocated.

  • General Notes:

7 Support

7.1 Resources

  • Verify how resources are determined for the organization.

  • General Notes:

  • Show me how the capabilities and constraints on internal resources are considered.

  • General Notes:

  • Show me how needs from external providers are considered.

  • General Notes:

  • Verify how the organization provides persons necessary to consistently meet customer, applicable statutory and regulatory requirements for the QMS including the necessary processes.

  • General Notes:

  • Verify how the organization determines, provides and maintains the infrastructure for the operation of processes to achieve products and services conformity.

  • General Notes:

  • Verify how the organization determines, provides and maintains the environment for the operation of processes to achieve products and service conformity.

  • General Notes:

  • Verify how resources are determined to ensure valid and reliable monitoring and measuring results.

  • General Notes:

  • Verify how the organization ensures that the resources provided are suitable for the specific type of monitoring and measurement activities being undertaken and that they are maintained to ensure continued fitness of purpose.

  • General Notes:

  • Verify documented information that shows evidence of fitness for purpose of monitoring and measurement resources.

  • General Notes:

  • Show me how measurement instruments are verified or calibrated at specific intervals against national or international standards. If no standards, show me documented information which is used as the basis for calibration or verification.

  • General Notes:

  • Show me how measurement instruments are identified.

  • General Notes:

  • Show me how measurement instruments are safeguarded from adjustments, damage and deterioration.

  • General Notes:

  • Verify how the organization determines the validity of previous measurements if you find an instrument to be defective during verification or calibration. Verify any actions taken.

  • General Notes:

  • Verify how the organization determines the necessary knowledge for the operation of processes and achieves conformity of products and services.

  • General Notes:

  • Verify how knowledge is maintained and made available to the extent necessary.

  • General Notes:

  • Verify how the organization determines current knowledge and how its acquires additional knowledge when addressing changing needs and trends.

  • General Notes:

7.2 Competence

  • Show me how you determine the necessary competence of people doing work under your control that affects quality performance.

  • General Notes:

  • Show me how you determine competence on the basis of appropriate education, training or experience.

  • General Notes:

  • Show me how you take actions to acquire necessary competence where applicable and how do you evaluate the effectiveness of those actions.

  • General Notes:

  • Verify documented information as evidence of competence where appropriate.

  • General Notes:

7.3 Awareness

  • Verify people doing work under the organization's control are aware of

  • the quality policy.

  • the relevant quality objectives.

  • their contribution to the effectiveness of the QMS, including the benefits of improved performance.

  • the implications of not conforming with the QMS requirements.

  • General Notes:

7.4 Communication

  • Verify internal and external communication process (what, when, with whom and how to communicate).

  • General Notes:

7.5 Documented information

  • Verify documented information required by the ISO 9001:2015 standard.

  • General Notes:

  • Verify documented information that shows the effectiveness of the QMS.

  • General Notes:

  • Show me that your documented information contains appropriate identification, format (language, software version, graphics, ...) and media (paper, electronic, ...).

  • General Notes:

  • Show me how the documented information is reviewed and approved for suitability and adequacy.

  • General Notes:

  • Show me how you control documented information and make it available and suitable for use. Tell me how you protect your documented information.

  • General Notes:

  • Verify how the organization controls the distribution, access, retrieval, use, storage, preservation, legibility, control of changes, retention and disposition of documented information.

  • General Notes:

  • Verify documented information of external origin is identified, as appropriate, and controlled.

  • General Notes:

8 Operation

8.1 Operational planning and control

  • Verify how the organization has planned, implemented and controlled processes needed to meet the requirements of products and services.

  • General Notes:

  • Verify how requirements for products and services are determined.

  • General Notes:

  • Verify how criteria for processes and acceptance for products and services are determined.

  • General Notes:

  • Verify how resources are determined.

  • General Notes:

  • Verify how process control is implemented.

  • General Notes:

  • Show me documented information that demonstrates processes have been carried out as planned and can demonstrate conformity of products and services.

  • General Notes:

  • Determine how output from the planning process is suitable for operations.

  • General Notes:

  • Verify how planned changes are controlled. Verify how unintended changes are reviewed and what actions are taken to mitigate any adverse effects, as necessary.

  • General Notes:

  • Verify how outsourced processes are controlled.

  • General Notes:

8.2 Determination of requirements for products and services

  • Verify processes created for communicating with customers on information relating to products, services, enquiries, contracts, order handling, customer views, perceptions and complaints, handling or treatment of customer property and specific requirements for contingency actions.

  • General Notes:

  • Verify process to determine the requirements for products and services to be offered to potential customers and how the process is established, implemented and maintained.

  • General Notes:

  • Verify how product and service requirements including statutory and regulatory requirements are defined. Verify that the organization has the ability to meet the defined requirements and substantiate any claims for its products and services.

  • General Notes:

  • Verify how the organization reviews..

  • customer requirements for delivery and post-delivery.

  • requirements necessary for customer's specified or intended use, where known.

  • statutory and regulatory requirements applicable to the products and services.

  • other contract or order requirements.

  • General Notes:

  • Show me that the review is conducted prior to the organization's commitment to supply products and services to the customer.

  • General Notes:

  • Verify how the organization resolves differences in the contract or order requirements from those previously defined.

  • General Notes:

  • Verify how the organization confirms customer requirements where the customer doesn't provide a documented statement.

  • General Notes:

  • Verify documented information of reviews describing new or changed requirements to products and services.

  • General Notes:

  • Verify documented information of amended reviews and how relevant personnel are made aware of those changes.

  • General Notes:

8.3 Design and development of products and services

  • Verify how the design and development process is established, implemented and maintained.

  • General Notes:

8.3.2 Design and development planning

  • In determining the stages and control for design and development, verify the organization considers..

  • the nature, duration and complexity of the activities.

  • the requirements that specify particular process stages including applicable reviews.

  • required verification and validation.

  • responsibilities and authorities.

  • how interfaces are controlled between individuals and parties.

  • the need for involvement of customer and user groups.

  • General Notes:

  • Verify documented information that confirms design and development requirements have been met.

  • General Notes:

8.3.3 Design and development inputs

  • In determining requirements essential for the type of products and services being designed and developed, the organization shall consider..

  • functional and performance requirements.

  • information derived from previous similar design and development activities.

  • statutory and regulatory requirements.

  • standard or codes of practice that the organization has committed to implement.

  • potential consequences of failure due to the nature of the products and services.

  • General Notes:

  • Verify that the inputs are complete and unambiguous.

  • General Notes:

  • Verify documented information on design and development inputs are retained.

  • General Notes:

8.3.4 Design and development controls

  • Verify the organization applies controls to the design and development process to ensure that..

  • the results to be achieved are defined.

  • reviews are conducted to evaluate the ability of the results of design and development to meet requirements.

  • verification activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use.

  • validation activities are conducted to ensure that the resulting products and services meet the requirements of the specified application or intended use.

  • any necessary actions are taken on problems determined during the reviews, or verification and validation activities.

  • General Notes:

  • Verify documented information of these activities are retained.

  • General Notes:

8.3.5 Design and development outputs

  • Verify the organization ensures the design and development outputs..

  • meet the input requirements.

  • are adequate for the subsequent processes for the provision of products and services.

  • include or reference monitoring and measuring requirements, as appropriate , and acceptance criteria.

  • specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.

  • General Notes:

  • Verify documented information on design and development outputs are retained.

  • General Notes:

8.3.6 Design and development changes

  • Verify the organization identifies, reviews and controls changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.

  • General Notes:

  • Verify documented information on design and development changes, the result of reviews, the authorization of changes and the actions taken to prevent adverse impacts are retained.

  • General Notes:

8.4 Control of externally provided processes, products and services

  • Verify how the organization ensures externally provided processes, products and services conform to specified requirements.

  • General Notes:

  • Verify controls applied to externally provided processes, products and services when products and services are intended for incorporation into the organization's own products and services, products and services are provided directly to the customer or a process, or part of a process, is provided by an external provider as a result of a decision by the organization.

  • General Notes:

  • Verify how the organization determines and applies criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers.

  • General Notes:

  • Verify documented information of activities and actions arising from the evaluations.

  • General Notes:

  • Verify how the organization determines controls applied to the external provision of processes, products and services and the resulting output.

  • General Notes:

  • Verify how the organization considers the potential impact of the external provided processes, products and services on its ability to meet customer and applicable statutory and regulatory requirements.

  • General Notes:

  • Verify the effectiveness of the controls applied by the external provider.

  • General Notes:

  • Verify how the organization determines the verification, or other activities, necessary to ensure the externally provided processes, products and services meet requirements.

  • General Notes:

  • Verify the organization communicates to external providers its requirements for..

  • the processes, products and services to be provided.

  • the approval of product and services; methods, processes and equipment; and the release of products and services.

  • competence, including any required qualification of persons.

  • the external providers' interactions with the organization.

  • control and monitoring of the external providers' performance to be applied by the organization.

  • verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises.

  • General Notes:

8.5 Production and service provision

8.5.1 Control of production and service provision

  • Verify the organization has documented information that defines the characteristics of the products to be produced, the services to be provided or the activities to be performed and the results to be achieved.

  • General Notes:

  • Verify the availability and use of suitable monitoring and measuring resources.

  • General Notes:

  • Verify the implementation of monitoring and measuring activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met.

  • General Notes:

  • Verify the use of suitable infrastructure and environment for the operation of processes.

  • General Notes:

  • Verify the appointment of competent persons, including any required qualification.

  • General Notes:

  • Verify the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement.

  • General Notes:

  • Verify the implementation of actions to prevent human error (i.e. poke yoke, visual locations, checklist, emergency stops, templates, document control, ...)

  • General Notes:

  • Verify the implementation of release, delivery and post-delivery activities.

  • General Notes:

8.5.2 Identification and traceability

  • Verify how organization identifies outputs from the process to ensure conformity.

  • General Notes:

  • How does the organization identify the status of process outputs.

  • General Notes:

  • Verify how the organization controls the unique identification of process outputs when traceability is required. Verify documented information of traceability, where required.

  • General Notes:

8.5.3 Property belonging to customers or external providers

  • What care is provided to customers' or external providers' property?

  • General Notes:

  • Verify how the organization identifies, verifies, protects and safeguards customers' or external providers' property which is provided for use or incorporation into the organization's products or services.

  • General Notes:

  • Verify retained documented information for property that is damaged or otherwise found to be unsuitable for use.

  • General Notes:

8.5.4 Preservation

  • Verify how the organization ensures preservation of the process outputs to ensure conformity to requirements.

  • General Notes:

8.5.5 Post-delivery activities

  • Verify the organization considers the following to meet post-delivery activities.

  • statutory and regulatory requirements

  • potential undesired consequences associated with its products and services

  • the nature, use and intended lifetime of its products and services

  • customer requirements

  • customer feedback

  • General Notes:

8.5.6 Control of changes

  • Verify how the organization reviews and controls changes for production or service provision.

  • General Notes:

  • Verify retained documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review.

  • General Notes:

8.6 Release of products and services

  • Verify at appropriate stages product and service requirements have been met.

  • General Notes:

  • Verify products and services are not released to the customer until the planned arrangements have been satisfactorily completed, unless otherwise approved by relevant authority and, as applicable, by the customer.

  • General Notes:

  • Verify retained documented information that shows evidence of conformity with acceptance criteria and traceability to person(s) authorizing the release.

  • General Notes:

8.7 Control of nonconforming outputs

  • Verify that outputs that do not conform to requirements are identified and controlled.

  • General Notes:

  • Verify appropriate action is taken for nonconforming products and services (also include after delivery of product or during/after the provision of services).

  • Correction

  • Segregation, containment, return or suspension of provision of products and services

  • Informing the customer

  • Obtaining authorization for acceptance under concession

  • General Notes:

  • Verify conformity to the requirements when nonconforming outputs are corrected.

  • General Notes:

  • Verify retained documented information that describes the nonconformity, describes actions taken, describes any concessions obtained and identifies the authority deciding the action in respect of the nonconformity.

  • General Notes:

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

  • Verify the organization has determined what needs to be monitored and measured, the methods to be used, when it will be performed, analyzed and evaluated.

  • General Notes:

  • Verify the organization evaluates the performance and effectiveness of its QMS.

  • General Notes:

  • Review retained appropriate documented information

  • General Notes:

  • Verify the organization monitors customers' perceptions of the degree to which their needs and expectations have been fulfilled.

  • General Notes:

  • Verify the organization analyzes and evaluates:

  • conformity of products and services.

  • the degree of customer satisfaction.

  • the performance and effectiveness of the QMS.

  • if planning has been implemented effectively.

  • the effectiveness of actions taken to address risks and opportunities.

  • the performance of external providers.

  • the need for improvements the the QMS.

  • General Notes:

9.2 Internal audit

  • Verify audits are conducted at planned intervals

  • General Notes:

  • Verify organization has established, implemented, and maintains an internal audit program

  • General Notes:

  • Verify the importance of the process, changes affecting the organization and the results of previous audits are considered

  • General Notes:

  • Verify audit criteria and scope are created for each audit

  • General Notes:

  • Auditors are objective and impartial

  • General Notes:

  • Audit results reported to relevant management

  • General Notes:

  • Verify appropriate correction and corrective actions are taken without delay

  • General Notes:

  • Review retained documented information

  • General Notes:

9.3 Management review

  • Verify management reviews QMS at planned intervals

  • General Notes:

  • Verify inputs to management review includes:

  • status of actions from previous management reviews

  • changes in external and internal issues relevant to the QMS

  • customer satisfaction and feedback from relevant interested parties

  • the extent to which quality objectives have been met

  • process performance and conformity of products and services

  • nonconformities and corrective actions

  • monitoring and measurement results

  • audit results

  • the performance of external providers

  • adequacy of resources

  • effectiveness of actions taken to address risks and opportunities

  • opportunities for improvement

  • General Notes:

  • Verify outputs to management review includes:

  • opportunities for improvement

  • any need for changes to the QMS

  • resource needs

  • General Notes:

  • Verify retained documented information

  • General Notes:

10 Improvement

10.1 General

  • Verify the organization determines and selects opportunities for improvement to improve products and services, corrects, prevents or reduces undesired effects and improves the performance and effectiveness of the QMS.

  • General Notes:

10.2 Nonconformity and corrective action

  • Verify how organization reacts to nonconformity, including complaints, by evaluating how its takes action to control and correct it and how it deals with the consequences.

  • General Notes:

  • Verify how the organization evaluates the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere.

  • General Notes:

  • Verify how organization implements necessary actions.

  • General Notes:

  • Verify how organization evaluates the effectiveness of actions taken.

  • General Notes:

  • Verify the organization updates risks and opportunities determined during planning, if necessary.

  • General Notes:

  • Verify any changes made to the QMS, if necessary.

  • General Notes:

  • Verify retained documented information that provides evidence of the nature of the nonconformity and any subsequent actions taken and the results of any corrective actions

  • General Notes:

10.3 Continual improvement

  • Verify how the organization continually improves. Does it consider the results of analysis and evaluation and the outputs from management review to determine if there are needs or opportunities that shall be addressed as part of continual improvement?

  • General Notes:

Previous Audit Findings

  • Any previous findings?

  • Previous Audit Finding

  • Finding

  • Finding Addressed?

  • General Notes:

Audit Findings

  • Were any Opportunities for Improvement detected during this audit?

  • Opportunities for Improvement detected during this audit:
  • Location:

  • Clause:

  • Details:

  • Were any Non Conformances detected during this audit?

  • Non Conformance detected during this Audit:
  • Category:

  • Location:

  • Clause:

  • Statement of Non Conformance:

  • Clause Requirement:

  • Objective Evidence:

Audit Conclusion

  • Audit Summary:

  • Signature of Auditee(s)

  • Signature of Auditor(s)

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.