How To Conduct an ISO 9001 Internal Audit

What Is An ISO 9001 Internal Audit?

An ISO 9001 internal audit is a routine inspection within the company in which an assigned auditor assesses your organization’s processes and quality management system based on the criteria provided by the latest ISO 9001 standard.

Contents

The internal audit is documented using an Internal Audit Procedure and is carried out using an Internal Audit Checklist.

Auditors are responsible for informing you of any areas that need improvement in order to meet the standard, in addition to areas that are performing well and are conforming to the standard.

Internal audits aid with preparing for an external audit, which is usually the determining factor of whether your organization is granted ISO 9001 certification.

Internal audits can be scheduled as frequently as your organization determines is needed in order to improve processes. Some businesses schedule audits once a year, every quarter, or even once a month, at most.

internal audit blackboard planning

Internal Audit Process

There are a few steps to follow to ensure the highest rate of success for your internal audits. If you follow these steps closely, you should have a great experience throughout the process and have solid results by the end of it.

1. Scheduling the Audit

Before planning out the audit itself, you will want to make sure that everyone on your team has a proper heads-up to your intentions. If not, the results that you may receive running an audit randomly will not give you proper information, making the entire audit process virtually useless. In addition, if your employees and management are prepared for the audit, they will have a better idea of what to expect for the external audit later.

You will want to make sure that process managers are given enough time to wrap up anything they are working on, so you are given the most accurate information possible. So, if you are planning on doing an internal audit, make sure you check in on the progress of projects among management and employees before moving forward and planning the audit.

2. Planning of Audit

Next, you will actually want to begin the process of starting the audit. To start, you will want to make sure that it is scheduled accordingly. This includes informing the auditors you are using to determine the most effective time to come and conduct the review.

This is the most important step of the audit process, as auditors can also look at your organization’s audit history and review previous issues that may have been found beforehand. From here, the auditor will let you know the best time to begin the process.

Choosing Auditors

Either an assigned ISO 9001-trained employee(s) from within the company or outside, verified auditor(s) can conduct and oversee the audit. Their role is to make sure everything regarding your company’s processes is performing well and to go over their findings with you. It is recommended that you have more than one auditor, so the process goes smoothly; in addition, it is always better to have more than one set of eyes when it comes to audits. The larger your organization, the more auditors you should have.

3. Running the Audit

After careful planning, the next logical step will be to actually conduct an audit. The beginning of this will be more of a reassurance to you and the auditor that the plan is laid in stone and ready to start. Many things are done throughout the audit itself, such as the review of all records, observing the success of certain functions, detecting flaws within the system, conversations with employees, and more.

The best reports received from these internal audits are those that not only show areas that are considered to be running poorly but also are able to give out recommendations for areas that can operate much more effectively with adjustments.

These adjustments, also known as corrective actions, can provide process managers and your organization’s systems much more success in the long run.

4. Reports

Once the audit has been thoroughly conducted, the auditors will meet with you, (or whoever the process manager is) to discuss the results that they were able to find. The highlights of this meeting will be to showcase the errors that were found and what tactics can be used to improve those areas.

Having hard evidence of what processes are not producing—in addition to paths to improvement—offered is any process manager’s dream, and it is a reality that can be achieved through an internal audit. What these reports and results will also do is help you save resource costs by utilizing them much more efficiently, as you will now know where time and energy should be spent.

5. Follow-Up

Every now and then, you will want to reflect on the results of the audit and issues that were found that have now been addressed. You will want to review this information with those who provided you with the audit. Compare your standards from before your audit to after to see if there have been any significant changes in performance based on recommended adjustments.

Afterward, rinse and repeat this process over time, as success will not stick around for very long and tweaks will need to be made often to keep assuring improvements are on the rise.

Foreman checklist document

Using An Internal Audit Checklist

The checklist is a great reference to ensure that the steps of the internal audit are done both effectively and properly.

Scoring Criteria

The scoring criteria for internal audits are broken up into four different sections. These four sections are:

  1. Compliant - This means everything about a specific process is in compliance with ISO 9001, and all requirements are met effectively. This is, of course, the best score you can receive, based on the criteria.
  2. Opportunity for Improvement - This will refer to a small issue or a flaw within the management system. This is where an auditor will try to give a recommendation for improvement as well.
  3. Minor Non-Conformance - This score will reflect a poor representation of a document and/or a low number of requirements met for the process. This will not exactly result in a complete failure in your final compliance score, but it will affect certain sections of it.
  4. Major Non-Conformance - If you receive this as a score on the criteria, many changes will need to be made. This means that there is a lack of proper documentation, provision, or properly implemented standards.

Requirements

For the supplier, the audits will be conducted in a manner that was discussed previously, referring to the first step of the audit process above. During these audits, processes will be identified and recorded, as well the auditor providing explanations for the process manager to help them understand how interactions work within the processes.

The following bullets are requirements for the audit directly pulled from the official supplier audit checklist:

For audits of customer-related processes, they are conducted at intervals to:

  • Determine whether the process conforms to planned arrangements
  • Determine whether the process is properly implemented and maintained
  • Provide information on process performance to Top Management

These points should be considered during the auditing process:

  • Is there continuity between the various support processes?
  • Is the task done consistently on a person-to-person or day-to-day basis?
  • Do the interfaces between the departments operate smoothly?
  • Does product information flow freely?
  • Is the procedure correct?
  • Does it meet the requirements of the standard or specification?
  • Is it helping the organization effectively?

Process Audit Turtle Diagram

Another great tool that is given in the supplier checklist is the process audit turtle diagram. This gives the auditor questions to consider under the following subjects:

  • Equipment & Facilities
  • Personnel
  • Control Processes
  • Process Inputs
  • Process Name/Description
  • Process Outputs
  • Instructions & Procedures
  • Support Processes
  • Key Performance Indicators

For example, for Process Inputs, questions such as what triggers the process, and where inputs come from, are asked in the diagram. Each box of questions points to another set of questions, helping the supplier to complete the checklist effectively.

Quality Planning

For the remainder of the checklist, various subjects are organized into the following table:

 

Audit Question

Finding (Check)

Audit Evidence

What to Look For

COMPLIANT

MINOR N/C

MAJOR N/C

Provide a reference to documentation or records that justify the finding.

1

Q1

 

 

 

 

 

2

 

 

 

 

 

 

3

 

 

 

 

 

 

 

Quality Management

The first subject to be included in the above table is quality management. This is to review how processes are performing as well as checking to make sure that objectives are clear for the business plan.

Also, issues found and how improvement corresponds to previous corrective actions will be some of the things that will be looked for as well. Finally, strategic objectives, plans for action, and other quality management system-related requirements will be assessed.

Continuous Improvement

The next subject that is analyzed is continuous improvement. Some of the included questions that are included in this audit list are:

  • Are preventive actions taken based on the analysis of significant business trends, design reviews, customer satisfaction surveys, or other meaningful inputs?
  • Does the corrective action system cover customer, internal, and supplier issues?

These questions are taken directly from the question list and give you a good idea of how they are formatted. Also, management meetings, customer surveys, and various action plans are some of the things that will be assessed during this section.

Education and Training

This is certainly one of the more important subjects that are analyzed during the internal audit, as this will be the groundwork for later improvement and success. Some of the questions asked during this audit section of the checklist are based on making sure that there are records being maintained and that the methods used for verifying training are suitable as well.

As far as what will be looked for, certification history and records of qualifications are near the top of the list. Training manuals and assessments for job skills will be analyzed, as well.

Occupational Health and Safety

This area will mainly be concerned with checking the management system, as well as the policy and procedures that deal with health and safety. Questions dealing with this section of the audit checklist revolve around checking procedures used for identifying hazards and control measures for issues.

During the audit, the procedure for training, communication, and participation will also be looked at.

Design and Development Support

There are quite a few questions that are asked regarding this section—about five in total. Some of these questions are about CTQ (Critical-to-Quality) characteristics, as well as making sure that both human and technical resources are meeting all requirements.

Some of the things that are looked for include:

  • Market studies
  • Technical staff requirements/qualification
  • CAD
  • Process plan

Quality Planning

Quality planning deals with inspecting samples from production, in addition to making sure that test plans are followed properly. During this section, auditors also make sure that certain data is available at any request, such as data related to product reliability.

Auditors look for test reports, charts on test summaries, and so on. Forms such as the PPAP (Production Part Approval Process) will be inspected as well.

Other Items On the Audit Checklist

Other areas that are included in the internal audit checklist include the following:

  • Customer Documentation
  • Procurement
  • Incoming Material
  • Manufacturing Quality
  • Process Control
  • Nonconforming Material
  • Monitoring & Measurement
  • Maintenance
  • Environment
  • Storage & Packing

Findings Summary

At the end of the checklist, there is a box that is used to gather certain information regarding findings, including:

  • Number
  • ISO/Specification Reference
  • Summary
  • Root Cause
  • NCR Number
  • Rectification Date

These boxes are checked within the following categories:

  • Non-Conformance
  • Corrective Action
  • Preventive Action & Opportunity for Improvement

Finally, additional notes about observations and comments during the audit are written in this section.

internal audit blackboard planning

Other Types of Audits

Internal audits are only one form of audit your organization can take advantage of to improve internal systems and processes.

For example, although most internal audits are on-site and performed by someone who works within the company, you can also use remote audits, in which an outside auditor will assess your organization virtually. You can also hire an auditor from outside your company to perform an on-site audit.

External Audits

External audits are a little different from internal audits, as they prepare you for your official certification audit later on. External audits focus on supplier and customer certification, as well as surveillance.

Customer Audits

Customer audits are done when a customer has verified themselves that the organization is meeting the requirements that they have established.

Supplier Audits

Audits focused on the supplier are designed to make sure that the requirement of control of external providers is accomplished. These audits are performed more frequently; this is partly due to internal auditing being such a large part in the process of becoming ISO 9001 certified.

Supplier Audit Checklist

The supplier audit checklist is used to help suppliers identify compliance of an organization with the requirements from ISO 9001 standards.

View our Checklists - including a Free Supplier Audit Checklist and Process Audit Checklist)

Process Audit

The process audit checklist is used to assess your organization’s various processes for effectiveness and performance within ISO 9001 requirements. If follows a near-identical template to the other checklist, but is shorter in form.

Scoring Criteria

The scoring criteria for process audit checklists are identical to the supplier checklist, featuring compliant, opportunities for improvement, minor non-conformance, and major non-conformance as the grades for scoring.

Requirements/Process Audit Checklist

The audit requirements are the same as the supplier checklist, with no changes in this area. The process audit checklist is nearly the same as well.

 

Audit Question

Finding (Check)

Audit Evidence

Opportunities for
Improvement (OFI)

COMPLI-ANT

OFI

MINOR N/C

MAJOR N/C

Provide a reference to documentation or records that justify the finding.

Provide suggestions for process improvement.

1

 

 

 

 

 

 

 

2

 

 

 

 

 

 

 

3

 

 

 

 

 

 

 

 

The only thing different between the two checklists are the tables and what is shown. While the process audit checklist table includes audit questions, similar to the supplier checklist, the big difference is in the opportunities for improvement slot, otherwise known as OFI. This is where suggestions to improve processes will be placed.

Process Definitions

The first subject area, process definitions, includes questions regarding the process managers being identified, and evidence for process inputs.

Process Resources

Process resources are the next subject area that is marked for the table, which includes a total of 14 questions. These questions look at the number of people that are included in a process and the measure of efficiency and satisfaction based on employee input.

Process Execution

Next up is process execution. This deals with audit questions revolving around making sure that material usage is maximized in order to avoid waste, as well as seeing that interfaces within the departments operate as they should.

Process Monitoring

Process monitoring deals with questions directed toward the following key points:

  • Making sure the process is being monitored properly
  • Ensuring improvements within the process are made
  • KPI is consistent with quality objectives
  • Measuring the effectiveness of the process, as well as its efficiency.

This is arguably one of the more important subjects of the process audit since it deals with the processes themselves.

Process Improvement

The final area in the process audit checklist is process improvement. This section focuses on how the process itself can be improved in any way.

Some of the questions will focus on seeing if the PDCA (plan-do-check-act) cycle is effective for your organization, as well as checking to see if employees show signs of improvement.

Findings Summary

The table found in the findings summary in the process audit checklist conveys the same information as the supplier checklist, but only lists non-conformance, corrective action, and preventive action & OFI as scoring options. In addition, a section is included for observations, comments, and any other notes to complete the process audit checklist.

Certified

Certification Audit

This is the audit that is done before you are given a certification in ISO 9001. It is the last milestone before achieving the ultimate goal of becoming certified. They are typically completed in two separate parts.

  1. The first part acts as a warm-up and feeling out process to ensure that you are ready to move onto the second part of the audit. If it is decided that you have succeeded in reaching the requirements to move on, then the second phase will commence.
  2. The second part of the audit is done on location and is performed in the form of an interview. For example, staff will be included in this part of the audit, as documented information will be under review as well. This is done to ensure that your organization is in alignment with all of the requirements set out by ISO 9001.

Also, it should be noted that these types of audits are usually only conducted every three years; this is something to keep in mind when planning to schedule routine internal audits and to prepare for your ISO 9001 recertification.

Learn more about the ISO 9001 Certification Audit.

Internal audits provide many benefits to organizations: they help businesses set benchmarks in order to continue improving their systems and processes; address underlying issues that stem from existing processes, and prepare for ISO 9001 certification.

If your organization is planning its next internal audit, having an internal audit checklist such as the ones mentioned above will make the process go smoothly and in an organized manner.

To view our ISO 9001 Audit Procedure & Checklists, please see below.

Internal Auditing & Gap Analysis

 

Updated: 21st March 2023
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO Checklist

 

Don’t Try to Manage It All Alone!

Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your internal audits without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.


  Standard  

QMS Internal Audit Documentation Package

Everything you need to perform an internal audit for ISO 9001:2015.

Procedures - view sample

Checklist - view sample

Charts

Reports & Forms

  • Audit Results Summary
  • Internal Audit Report - view sample
  • Corrective Action Report
  • Non-conformance Report
  • QMS NC & Corrective Action Tracker
  • Internal Audit Feedback Form

Process Maps

  • Process Audit Template
  • Control of Internal Audits Process Activity Map
  • Internal Audit Process Map - view sample
  • Control of nonconformity & Corrective Action Process Activity Map
  • Nonconformity & Corrective Action Process Map
  • Supplier Process Turtle Diagram

Plus:

  • Internal Audit Guidance - view sample
  • Audit Question Guidance
  • Clause-by-clause Interpretation

The documents are used together as a cohesive system or available seperately below.

ISO 9001:2015

$149 USD add to cart

QMS Control of Internal Audits Procedure - view sample

The purpose of the Internal Audit Procedure is to define your organization’s process for undertaking QMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of the quality management system and its compliance to ISO 9001:2015.

This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:

  • Control of Internal Audits Process Activity Map
  • Audit Report
  • Audit Feedback Form - view sample
  • Internal Audit Process Map - view sample

ISO 9001:2015

$19 USD add to cart

QMS Internal Audit Checklist v2 - view sample

Use this audit checklist to determine the extent to which your quality management system conforms to ISO 9001 requirements by determining whether those requirements have been effectively implemented and maintained. This template will help you to assess the state of your existing management system and identify process weakness to allow a targeted approach to prioritizing corrective action.

Master Internal Audit Checklist - view sample

This audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 9001:2015, each required is phrased as a question.

  • 305 Audit Questions
  • MS Excel
  • Context of the Organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

The answers will automatically populate and update the Audit Results Summary and charts.

Audit Results Summary

  • Automated Charts - view sample
  • Compliance Summary
  • Top 10 Root-causes
  • Nonconformity Breakdown by Clause
  • Recommendations
  • OFIs by Section

Process Audit Template

Requires the auditor review the inputs, risks, controls, activities, equipment, materials, personnel, and methods of measurement for each process.

Question Guidance

Guidance and suggestions for each audit question - view sample

ISO 9001:2015

$79 USD add to cart

QMS Internal Audit Checklist v1 - view sample

This is the 'Master Internal Audit Checklist' (see above) in MS Word format.

  • 305 Audit Questions
  • MS Word
  • Context of the organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

ISO 9001:2015

$39 USD add to cart
  • Supplied as fully-editable MS Word or Excel files
  • All the templates use styles – making reformatting and rebranding a breeze
  • Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Credit card, PayPal or ApplePay

money back guarantee


We are 100% confident in the quality and contents of our products. Used by thousands of organizations around the world, our templates have been sold online since 2002.

Please read our Money Back Guarantee.

 

Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

  • Small Businesses – dentists, accountants, engineers
  • Large organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first-timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.

 

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.

 

FAQs About Our Templates

Ask Us a Question

More Information

 

ISO 9001 Client images