Procedure - Internal Auditing
Procedure - Internal Auditing
Procedure - Internal Auditing
Page 1 of 3
[Full Client Name Reg Caps]
Procedure: [Internal Auditing Proc. Title]
Rev. [Rev Number]
4.3. The applicable ISO 9001 standard clauses pertaining to each process are defined in Table 1
below. These are the minimum clauses which must be audited for each process; an auditor may
audit any clause of the applicable standard, and writing findings against them, depending on
how the audit unfolds. (You will have to create this table yourself; see the sample table included
with the kit documentation.)
4.4. Additional processes of other activities or facilities, outside of the process model, may also be
scheduled. For example, this may include safety audits, configuration management audits, etc.
In such cases, unique audit forms may be developed for such non-process related audits.
4.5. The [who?] plans audits according to need, management decision, or customer requirements,
and assigns a Lead Auditor for each, as well as any supporting auditor team members.
Scheduling is recorded in the Internal Audit Schedule portion of the Internal Audit Log.
4.6. Auditors are independent of the area being audited; [Short Client Name] may therefore use
approved third-party contract auditors for its internal audit program; the requirements for third
party auditors are defined in the [Quality Manual Doc Title]. Employees selected as internal
auditors will have attended at a minimum a 4-hour [ adjust as you see fit] internal auditor
training program and at least 8 hours [ adjust as you see fit] of shadow auditing with a
previously qualified internal auditor, or third party auditor.
4.7. Using the Internal Audit Report as a basic checklist, the Lead Auditor will plan the scheduled
audit with the appropriate departments and with any other audit team members. The audit
team will determine additional checklist items or requirements to verify, and add these to the
checklist portion of the Internal Audit Report.
4.8. Auditors will then conduct the audit by following the steps defined on the Internal Audit Report.
These are:
4.8.1. Step One: Audit Planning – definition of the scope of the audit, dates of audit,
auditors, applicable clauses of affected standards, and documents to review.
4.8.2. Step Two: Document Review – a comparison of the quality system documentation
against the requirements of the applicable standard.
4.8.3. Step Three: Practical Audit – comparison of actual practice vs. the requirements of
both the company QMS documentation and the applicable standards.
4.8.4. Step Four: Verifying Effectiveness of the Process – general questions aimed at
verifying that the process being audited is effective and not prone to generating
nonconformities.
4.8.5. Step Five: Summarize Findings – a detailed list of the negative findings to be entered
into the [CAR Form Name] system.
4.8.6. Step Six: Review of Report – a review by the Lead Auditor of all findings and evidence
to ensure the audit report is complete, clear, objective, and provides traceable
objective evidence.
4.9. Auditing shall be performed by obtaining objective evidence to support each requirement, or
indicate where nonconformances are found. All findings are recorded on the Internal Audit
Page 2 of 3
[Full Client Name Reg Caps]
Procedure: [Internal Auditing Proc. Title]
Rev. [Rev Number]
Report. The internal auditor submits [CAR Form Name]s as necessary to address the
nonconformances recorded on the report.
4.10. When recording nonconformities, each negative finding must include three elements:
4.10.1. Indication of the Requirement – the document or clause of the applicable standard
which is thought to have been violated.
4.10.2. Objective Evidence – traceable indication of the evidence found which supports the
claim of a nonconformity (e.g.: documents, products examined, interview results). In
all cases, objective evidence must be recorded in sufficient detail to ensure a third
party can find the exact evidence at a later date.
4.10.3. Details of the Disconnect – a brief statement on why the objective evidence shows a
nonconformity against the requirement.
4.11. The nonconformities shall be rated as either “Major” or “Minor” per the requirements of
customers and some regulatory bodies. See definitions of Major and Minor Nonconformities in
section 3 above. ( delete if not desired. This is not a requirement for internal audits, although
some customers or government agencies may require it of your internal program; if deleted, you
should also delete the definitions for “major” and “minor” in section 3.)
4.12. Findings shall be rated by Type, whether Corrective, Preventive or Opportunity for Improvement
(OFI) for when [CAR Form Name]s are filed.
4.13. Once [CAR Form Name]s are filed, the responsible managers or parties shall ensure timely
corrective action is taken to remedy any nonconformances found. During the [CAR Form Name]
effectiveness review, the results of actions taken to address audit findings are evaluated.
4.14. The [who?] shall update the audit schedule within the Internal Audit Log to reflect to closure of
the audit, and enter a summary of audit findings. Based on the results of the audits, and
previous audits, the [who?] will then schedule the next audit of the particular process. Processes
for which internal audits discover a high number of findings, or critical findings of any number,
should be audited more frequently until the process is proven effective again.
4.15. The completed Internal Audit Report is then published on the company’s server and/or sent to
the appropriate managers of the areas audited, in order to report the findings and results. In
this way, and in conjunction with the submission of [CAR Form Name]s, all necessary managers
are notified of the audit results and may make informed decisions for their departments based
on those results.
4.16. The results of internal audits are also gathered and summarized on the charts generated by the
Internal Audit Log, for review by top management during management review and by all
employees, through a general posting of the chart.
4.17. In all cases, auditees are expected to cooperate fully with the audit team.
Page 3 of 3