Internal Audit Checklist - Everything You

Need to Know
What is an Internal Audit Checklist? An internal audit checklist is an invaluable tool for
comparing a business’s practices and processes to the requirements set out by ISO
standards. The internal audit checklist contains everything needed to complete an internal
audit accurately and efficiently.

Contents
 Why Perform an Internal Audit?
 Benefits of Using An Internal Audit Checklist
 What is an Internal Audit?
 Internal Audit Process
 Internal Audit Checklists
 Supplier Audit Checklist
 Process Audit Checklist
 Other Types of Audits
 Internal Audit Checklist, Procedure & Templates

Why Perform an Internal Audit?

Your ISO 9001 Internal Audit Procedure helps your organization confirm the Quality Management
System (QMS) is working effectively and is in line with ISO 9001 standards.

Benefits of Using An Internal Audit Checklist

The audit checklist is just one of the many tools which are available from the auditor’s toolbox that
help ensure your audits address the necessary requirements. It stands as a reference point before,
during and after the audit process and if developed for a specific audit and used correctly will provide
the following benefits:

 Ensures the audit is conducted systematically

 Promotes audit planning
 Ensures a consistent audit approach
 Actively supports your organization’s audit process (ISO 9001:2015, Clause 9.2.1);
 Provides a repository for notes collected during the audit
 Ensures uniformity in the performance of different auditors
 Provides reference to objective evidence
View our Checklists - including a Free Supplier Audit Checklist and Process Audit Checklist)
What is an Internal Audit?
In short, an ISO 9001 internal audit is a routine inspection within the company in which an assigned
auditor assesses your organization’s processes and quality management system based on the criteria
provided by the latest ISO 9001 standard. Auditors are responsible for informing you of any areas that
need improvement in order to meet the standard, in addition to areas that are performing well and are
conforming to the standard.

Internal audits aid with preparing for an external audit, which is usually the determining factor of
whether your organization is granted ISO 9001 certification.

The internal audits will review a few areas of your organization, including:

 Standards
 Areas subject to improvement
 Effectiveness of the system
Internal audits can be scheduled as frequently as your organization determines is needed in order to
improve processes. Some businesses schedule audits once a year, every quarter, or even once a
month, at most.

Internal Audit Process

There are a few steps to follow to ensure the highest rate of success for your internal audits. If you
follow these steps closely, you should have a great experience throughout the process and have solid
results by the end of it.

1. Scheduling the Audit

Before planning out the audit itself, you will want to make sure that everyone on your team has a
proper heads-up to your intentions. If not, the results that you may receive running an audit randomly
will not give you proper information, making the entire audit process virtually useless. In addition, if
your employees and management are prepared for the audit, they will have a better idea of what to
expect for the external audit later.

You will want to make sure that process managers are given enough time to wrap up anything they
are working on, so you are given the most accurate information possible. So, if you are planning on
doing an internal audit, make sure you check in on the progress of projects among management and
employees before moving forward and planning the audit.

2. Planning of Audit
Next, you will actually want to begin the process of starting the audit. To start, you will want to make
sure that it is scheduled accordingly. This includes informing the auditors you are using to determine
the most effective time to come and conduct the review.

This is the most important step of the audit process, as auditors can also look at your organization’s
audit history and review previous issues that may have been found beforehand. From here, the
auditor will let you know the best time to begin the process.

Choosing Auditors

Either an assigned ISO 9001-trained employee(s) from within the company or outside, verified
auditor(s) can conduct and oversee the audit. Their role is to make sure everything regarding your
company’s processes is performing well and to go over their findings with you. It is recommended that
you have more than one auditor, so the process goes smoothly; in addition, it is always better to have
more than one set of eyes when it comes to audits. The larger your organization, the more auditors
you should have.

3. Running the Audit

After careful planning, the next logical step will be to actually conduct an audit. The beginning of this
will be more of a reassurance to you and the auditor that the plan is laid in stone and ready to start.
Many things are done throughout the audit itself, such as the review of all records, observing the
success of certain functions, detecting flaws within the system, conversations with employees, and
more.

The best reports received from these internal audits are those that not only show areas that are
considered to be running poorly but also are able to give out recommendations for areas that can
operate much more effectively with adjustments.

These adjustments, also known as corrective actions, can provide process managers and your
organization’s systems much more success in the long run.

4. Reports
Once the audit has been thoroughly conducted, the auditors will meet with you, (or whoever the
process manager is) to discuss the results that they were able to find. The highlights of this meeting
will be to showcase the errors that were found and what tactics can be used to improve those areas.

Having hard evidence of what processes are not producing—in addition to paths to improvement—
offered is any process manager’s dream, and it is a reality that can be achieved through an internal
audit. What these reports and results will also do is help you save resource costs by utilizing them
much more efficiently, as you will now know where time and energy should be spent.

5. Follow-Up
Every now and then, you will want to reflect on the results of the audit and issues that were found
that have now been addressed. You will want to review this information with those who provided you
with the audit. Compare your standards from before your audit to after to see if there have been any
significant changes in performance based on recommended adjustments.
Afterward, rinse and repeat this process over time, as success will not stick around for very long and
tweaks will need to be made often to keep assuring improvements are on the rise.

Internal Audit Checklists

The checklist is a great reference to ensure that the steps of the internal audit are done both
effectively and properly. There are two types of audit checklists. These are:

1. Supplier Audit Checklist

2. Process Audit Checklist
View our Checklists - including a Free Supplier Audit Checklist and Process Audit Checklist)

Supplier Audit Checklist

The supplier audit checklist is used to help suppliers identify compliance of an organization with the
requirements from ISO 9001 standards. It is about 21 pages altogether and contains quite a bit of
information.

Scoring Criteria

The scoring criteria for internal audits are broken up into four different sections. These four sections
are:

1. Compliant - This means everything about a specific process is in compliance with ISO 9001, and
all requirements are met effectively. This is, of course, the best score you can receive, based on
the criteria.
2. Opportunity for Improvement - This will refer to a small issue or a flaw within the
management system. This is where an auditor will try to give a recommendation for improvement
as well.
 3. Minor Non-Conformance - This score will reflect a poor representation of a document and/or a
low number of requirements met for the process. This will not exactly result in a complete failure
in your final compliance score, but it will affect certain sections of it.
4. Major Non-Conformance - If you receive this as a score on the criteria, many changes will
need to be made. This means that there is a lack of proper documentation, provision, or properly
implemented standards.
Requirements

For the supplier, the audits will be conducted in a manner that was discussed previously, referring to
the first step of the audit process above. During these audits, processes will be identified and
recorded, as well the auditor providing explanations for the process manager to help them understand
how interactions work within the processes.

The following bullets are requirements for the audit directly pulled from the official supplier audit
checklist:

For audits of customer-related processes, they are conducted at intervals to:

 Determine whether the process conforms to planned arrangements

 Determine whether the process is properly implemented and maintained
 Provide information on process performance to Top Management
These points should be considered during the auditing process:

 Is there continuity between the various support processes?

 Is the task done consistently on a person-to-person or day-to-day basis?
 Do the interfaces between the departments operate smoothly?
 Does product information flow freely?
 Is the procedure correct?
 Does it meet the requirements of the standard or specification?
 Is it helping the organization effectively?
Process Audit Turtle Diagram

Another great tool that is given in the supplier checklist is the process audit turtle diagram. This gives
the auditor questions to consider under the following subjects:

 Equipment & Facilities

 Personnel
 Control Processes
 Process Inputs
 Process Name/Description
 Process Outputs
 Instructions & Procedures
 Support Processes
 Key Performance Indicators
For example, for Process Inputs, questions such as what triggers the process, and where inputs come
from, are asked in the diagram. Each box of questions points to another set of questions, helping the
supplier to complete the checklist effectively.

Quality Planning

For the remainder of the checklist, various subjects are organized into the following table:

  Audit Question Finding (Check) Audit Evidence Wh

 COMPLIANT MINOR N/C MAJOR N/C Provide a
reference to
documentation
or records that
justify the
finding.

1 Q1          

2            

3            

 
Quality Management

The first subject to be included in the above table is quality management. This is to review how
processes are performing as well as checking to make sure that objectives are clear for the business
plan.

Also, issues found and how improvement corresponds to previous corrective actions will be some of
the things that will be looked for as well. Finally, strategic objectives, plans for action, and other
quality management system-related requirements will be assessed.

Continuous Improvement

The next subject that is analyzed is continuous improvement. Some of the included questions that are
included in this audit list are:

 Are preventive actions taken based on the analysis of significant business trends, design reviews,
customer satisfaction surveys, or other meaningful inputs?
 Does the corrective action system cover customer, internal, and supplier issues?
These questions are taken directly from the question list and give you a good idea of how they are
formatted. Also, management meetings, customer surveys, and various action plans are some of the
things that will be assessed during this section.

Education and Training

This is certainly one of the more important subjects that are analyzed during the internal audit, as this
will be the groundwork for later improvement and success. Some of the questions asked during this
audit section of the checklist are based on making sure that there are records being maintained and
that the methods used for verifying training are suitable as well.

As far as what will be looked for, certification history and records of qualifications are near the top of
the list. Training manuals and assessments for job skills will be analyzed, as well.

Occupational Health and Safety

This area will mainly be concerned with checking the management system, as well as the policy and
procedures that deal with health and safety. Questions dealing with this section of the audit checklist
revolve around checking procedures used for identifying hazards and control measures for issues.
During the audit, the procedure for training, communication, and participation will also be looked at.

Design and Development Support

There are quite a few questions that are asked regarding this section—about five in total. Some of
these questions are about CTQ (Critical-to-Quality) characteristics, as well as making sure that both
human and technical resources are meeting all requirements.

Some of the things that are looked for include:

 Market studies
 Technical staff requirements/qualification
 CAD
 Process plan
Quality Planning

Quality planning deals with inspecting samples from production, in addition to making sure that test
plans are followed properly. During this section, auditors also make sure that certain data is available
at any request, such as data related to product reliability.

Auditors look for test reports, charts on test summaries, and so on. Forms such as the PPAP
(Production Part Approval Process) will be inspected as well.

Other Items On the Audit Checklist

Other areas that are included in the internal audit checklist include the following:

 Customer Documentation
 Procurement
 Incoming Material
 Manufacturing Quality
 Process Control
 Nonconforming Material
 Monitoring & Measurement
 Maintenance
 Environment
 Storage & Packing
Findings Summary

At the end of the checklist, there is a box that is used to gather certain information regarding findings,
including:

 Number
 ISO/Specification Reference
 Summary
 Root Cause
 NCR Number
 Rectification Date
These boxes are checked within the following categories:

 Non-Conformance
 Corrective Action
 Preventive Action & Opportunity for Improvement
Finally, additional notes about observations and comments during the audit are written in this section.
Process Audit Checklist
The process audit checklist is used to assess your organization’s various processes for effectiveness
and performance within ISO 9001 requirements. If follows a near-identical template to the other
checklist, but is shorter in form.

Scoring Criteria

The scoring criteria for process audit checklists are identical to the supplier checklist,
featuring compliant, opportunities for improvement, minor non-conformance, and major non-
conformance as the grades for scoring.

Requirements/Process Audit Checklist

The audit requirements are the same as the supplier checklist, with no changes in this area. The
process audit checklist is nearly the same as well.

  Audit Question Finding (Check) Audit Evidence

COMPLI-ANT OFI MINOR N/C MAJOR N/C

Provide a
reference to
documentation
or records that
justify the
 finding.

1            

2            

3            

The only thing different between the two checklists are the tables and what is shown. While the
process audit checklist table includes audit questions, similar to the supplier checklist, the big
difference is in the opportunities for improvement slot, otherwise known as OFI. This is where
suggestions to improve processes will be placed.

Process Definitions

The first subject area, process definitions, includes questions regarding the process managers being
identified, and evidence for process inputs.

Process Resources

Process resources are the next subject area that is marked for the table, which includes a total of 14
questions. These questions look at the number of people that are included in a process and the
measure of efficiency and satisfaction based on employee input.

Process Execution

Next up is process execution. This deals with audit questions revolving around making sure that
material usage is maximized in order to avoid waste, as well as seeing that interfaces within the
departments operate as they should.

Process Monitoring

Process monitoring deals with questions directed toward the following key points:

 Making sure the process is being monitored properly

 Ensuring improvements within the process are made
 KPI is consistent with quality objectives
 Measuring the effectiveness of the process, as well as its efficiency.
This is arguably one of the more important subjects of the process audit since it deals with the
processes themselves.

Process Improvement

The final area in the process audit checklist is process improvement. This section focuses on how the
process itself can be improved in any way.

Some of the questions will focus on seeing if the PDCA (plan-do-check-act) cycle is effective for your
organization, as well as checking to see if employees show signs of improvement.
Findings Summary

The table found in the findings summary in the process audit checklist conveys the same information
as the supplier checklist, but only lists non-conformance, corrective action, and preventive action &
OFI as scoring options. In addition, a section is included for observations, comments, and any other
notes to complete the process audit checklist.

Other Types of Audits

Internal audits are only one form of audit your organization can take advantage of to improve internal
systems and processes.

For example, although most internal audits are on-site and performed by someone who works within
the company, you can also use remote audits, in which an outside auditor will assess your
organization virtually. You can also hire an auditor from outside your company to perform an on-site
audit.

External Audits

External audits are a little different from internal audits, as they prepare you for your official
certification audit later on. External audits focus on supplier and customer certification, as well as
surveillance.

Customer Audits

Customer audits are done when a customer has verified themselves that the organization is meeting
the requirements that they have established.
Supplier Audits

Audits focused on the supplier are designed to make sure that the requirement of control of external
providers is accomplished. These audits are performed more frequently; this is partly due to internal
auditing being such a large part in the process of becoming ISO 9001 certified.

Certification Audit

This is the audit that is done before you are given a certification in ISO 9001. It is the last milestone
before achieving the ultimate goal of becoming certified. They are typically completed in two separate
parts.

1.
The first part acts as a warm-up and feeling out process to ensure that you are ready to move
onto the second part of the audit. If it is decided that you have succeeded in reaching the
requirements to move on, then the second phase will commence.
2. The second part of the audit is done on location and is performed in the form of an interview. For
example, staff will be included in this part of the audit, as documented information will be under
review as well. This is done to ensure that your organization is in alignment with all of the
requirements set out by ISO 9001.
Also, it should be noted that these types of audits are usually only conducted every three years; this is
something to keep in mind when planning to schedule routine internal audits and to prepare for your
ISO 9001 recertification.

Internal audits provide many benefits to organizations: they help businesses set benchmarks in
order to continue improving their systems and processes; address underlying issues that stem from
existing processes, and prepare for ISO 9001 certification.

If your organization is planning its next internal audit, having an internal audit checklist such as the
ones mentioned above will make the process go smoothly and in an organized manner.