INTEGRATED MANAGEMENT SYSTEM
AUDIT CHECKLIST
ISO 9001:2015 ● ISO 14001:2015 ● ISO 45001:2018
Organization:
_________________________________
Site / Location:
_________________________________
Audit Type:
☐ Internal ☐ External ☐ Surveillance
Audit Scope:
_________________________________
Audit Date(s):
_________________________________
Lead Auditor:
_________________________________
Audit Team:
_________________________________
Auditee Representative:
_________________________________
Document Ref:
IMS-AUD-CKL-001
Revision:
Rev 01
Result Code Legend
Code
Description
C
Conformity – Requirement is met with adequate evidence
NC
Nonconformity – Requirement is not met; a finding must be raised
OBS
Observation – Not yet a nonconformity but a potential risk or improvement opportunity
N/A
Not Applicable – Write N/A in both C and NC columns
Auditor Instructions
1. For each checklist item, mark C (Conformity), NC (Nonconformity), or OBS (Observation) in the respective column.
2. In the OBS column, enter a brief note or reference to the audit finding sheet number.
3. For any NC or OBS, complete a separate Audit Finding Sheet (AFS) and cross-reference the finding number.
4. Where a requirement is not applicable to the scope, write N/A and provide justification in the OBS column.
5. Collect objective evidence for each item reviewed (document numbers, record references, observation notes, interviewee names).
6. Items tagged QMS apply to ISO 9001; EMS applies to ISO 14001; OH&S applies to ISO 45001. Untagged items apply to all three standards.
AUDIT CHECKLIST — DETAILED REQUIREMENTS
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
4. CONTEXT OF THE ORGANIZATION [ISO 9001 §4 | ISO 14001 §4 | ISO 45001 §4]
4.1 Understanding the Organization and Its Context
4.1
Has the organization determined external and internal issues relevant to its purpose and strategic direction that affect its ability to achieve intended results?
Interview top management & process owners; review SWOT/PESTLE analysis
Context analysis, strategic plan, SWOT/PESTLE document
☐
☐
☐
4.1
Are internal issues (culture, values, performance, governance) identified and documented?
Review documented information; interview management
Internal context register
☐
☐
☐
4.1
Are external issues (regulatory, market, competitive, socio-economic) identified and monitored?
Review external context log, minutes of review meetings
External context register, management review minutes
☐
☐
☐
4.1 EMS
Have environmental conditions (climate, air, water, land, natural resources) been considered in the context determination?
Review EMS context documentation
Environmental aspect context register
☐
☐
☐
4.1 OH&S
Have OH&S issues including work activities, hazardous products, and worker characteristics been considered?
Review OH&S context documentation
OH&S context register
☐
☐
☐
4.2 Understanding the Needs and Expectations of Interested Parties
4.2
Has the organization identified all relevant interested parties (customers, suppliers, regulators, employees, community, shareholders, etc.)?
Review stakeholder register; interview process owners
Interested parties register
☐
☐
☐
4.2
Have the needs and expectations of each interested party been determined and documented?
Review stakeholder needs analysis
Stakeholder needs matrix
☐
☐
☐
4.2 EMS
Has it been determined which needs/expectations of interested parties have become compliance obligations for the EMS?
Review legal register and compliance obligations list
Compliance obligations register (EMS)
☐
☐
☐
4.2 OH&S
Has it been determined which needs/expectations have become legal and other requirements for OH&S?
Review OH&S legal register
Legal & other requirements register (OH&S)
☐
☐
☐
4.2
Are interested party requirements monitored and reviewed for changes?
Verify review frequency; check records of updates
Review meeting minutes, updated registers
☐
☐
☐
4.3 Determining the Scope of the IMS
4.3
Is the scope of the IMS clearly defined, documented, and maintained?
Review scope statement document
IMS scope document
☐
☐
☐
4.3
Does the scope consider the external/internal issues and requirements of interested parties?
Compare scope to context and stakeholder analysis
IMS scope vs context matrix
☐
☐
☐
4.3
Are products, services, work activities, and physical locations included in the scope clearly stated?
Review scope boundaries; walk the site
Scope statement, site layout
☐
☐
☐
4.3
Where any requirement cannot be applied, is a justified exclusion documented?
Review exclusions list; verify justification
Scope exclusions justification document
☐
☐
☐
4.3 OH&S
Does the OH&S scope include all workers, work-related activities, and workplaces under the organization's control?
Interview workers; verify scope coverage
OH&S scope document
☐
☐
☐
4.4 IMS and Its Processes
4.4
Has the organization established, implemented, maintained, and continually improved the IMS?
Review IMS manual / framework document
IMS manual/policy framework
☐
☐
☐
4.4
Are all IMS processes identified along with their inputs, outputs, sequence, and interactions?
Review process map/turtle diagrams
Process map, process interaction matrix
☐
☐
☐
4.4
Are process owners assigned and criteria/methods for effective operation and control defined?
Interview process owners; review assignments
Process ownership matrix
☐
☐
☐
4.4
Are risks and opportunities for each process determined and addressed?
Review process risk registers
Process-level risk register
☐
☐
☐
4.4
Are documented information retained as evidence of process performance?
Sample process records across departments
Process records, KPI dashboards
☐
☐
☐
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
5. LEADERSHIP [ISO 9001 §5 | ISO 14001 §5 | ISO 45001 §5]
5.1 Leadership and Commitment
5.1
Does top management demonstrate active accountability for the effectiveness of the IMS (not just delegate)?
Interview top management; review management review records
Management review minutes, signed policies
☐
☐
☐
5.1
Are the IMS policy and objectives compatible with the strategic direction of the organization?
Compare policy/objectives to strategic plan
Strategic plan, IMS policy, objectives register
☐
☐
☐
5.1
Does top management ensure integration of IMS requirements into business processes?
Review cross-functional process documentation
Process maps, integration evidence
☐
☐
☐
5.1
Does top management promote the use of process approach and risk-based thinking across the organization?
Interview department heads; review training records
Training records, awareness evidence
☐
☐
☐
5.1
Does top management ensure availability of necessary resources for the IMS?
Review resource allocation records, budgets
Budget plans, resource allocation documents
☐
☐
☐
5.1 OH&S
Does top management take overall responsibility for prevention of work-related injury and ill health?
Interview top management; review OH&S responsibilities document
OH&S responsibilities matrix, incident records
☐
☐
☐
5.1 OH&S
Does top management consult and participate in OH&S activities, including hazard identification?
Verify evidence of management participation
Safety meeting minutes, site inspection records
☐
☐
☐
5.1 EMS
Does top management demonstrate commitment to environmental protection, pollution prevention, and sustainable resource use?
Interview management; review environmental targets
Environmental policy, targets, resource records
☐
☐
☐
5.2 Policy
5.2
Is a documented IMS policy established that is appropriate to the context and strategic direction?
Review IMS policy document
IMS integrated policy
☐
☐
☐
5.2
Does the policy include a commitment to satisfy applicable requirements (customer, legal, regulatory)?
Review policy content for commitment statements
IMS policy document
☐
☐
☐
5.2
Does the policy include commitments to continual improvement and prevention of nonconformity?
Review policy statements for improvement commitments
IMS policy
☐
☐
☐
5.2 EMS
Does the EMS policy include commitments to protect the environment and fulfill compliance obligations?
Review EMS-specific policy clauses
EMS section of integrated policy
☐
☐
☐
5.2 OH&S
Does the OH&S policy include commitments to provide safe and healthy working conditions, eliminate hazards, and protect workers?
Review OH&S policy clauses; interview workers
OH&S policy, worker consultation records
☐
☐
☐
5.2
Is the policy communicated, understood, and available to interested parties (including workers)?
Interview workers at various levels; check communication methods
Communication records, training records, notice boards
☐
☐
☐
5.2
Is the policy reviewed for continued suitability?
Check review records; verify last review date
Policy review log, management review minutes
☐
☐
☐
5.3 Organizational Roles, Responsibilities, and Authorities
5.3
Are roles, responsibilities, and authorities for IMS-relevant functions defined and communicated?
Review RACI matrix, job descriptions, org chart
RACI matrix, org chart, job descriptions
☐
☐
☐
5.3
Is a management representative (or equivalent) assigned with authority to report on IMS performance?
Verify appointment letter; interview MR
Management representative appointment letter
☐
☐
☐
5.3 OH&S
Are workers at all levels assigned OH&S roles and responsibilities aligned with their activities?
Interview workers and supervisors; review role descriptions
OH&S responsibility assignments
☐
☐
☐
5.3 OH&S
Has the organization established and documented a process for worker consultation and participation in OH&S?
Review worker consultation procedure; check meeting records
Consultation procedure, safety committee minutes
☐
☐
☐
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
6. PLANNING [ISO 9001 §6 | ISO 14001 §6 | ISO 45001 §6]
6.1 Actions to Address Risks and Opportunities
6.1.1
Has the organization determined risks and opportunities related to the QMS/EMS/OH&S context that need to be addressed?
Review risk register; verify linkage to context analysis
Risk and opportunity register
☐
☐
☐
6.1.1
Is there a documented methodology for risk assessment (likelihood x severity matrix or equivalent)?
Review risk assessment procedure
Risk assessment methodology document
☐
☐
☐
6.1.2 EMS
Has the organization identified environmental aspects of its activities, products, and services (including new/modified processes and abnormal conditions)?
Review aspects & impacts register; verify coverage of all activities
Environmental aspects & impacts register
☐
☐
☐
6.1.2 EMS
Are significant environmental aspects (SEAs) determined using defined criteria?
Review SEA determination criteria and results
SEA determination criteria, SEA list
☐
☐
☐
6.1.2 OH&S
Is there a systematic, proactive process for hazard identification covering routine/non-routine work, emergency situations, and work-related stress?
Review hazard identification procedure; sample records
Hazard identification procedure, hazard log
☐
☐
☐
6.1.2 OH&S
Are risk assessments conducted for identified hazards using a documented methodology?
Sample OH&S risk assessments; verify coverage
OH&S risk assessment records
☐
☐
☐
6.1.2 OH&S
Is the hierarchy of controls applied when determining OH&S controls?
Review control selection records against hierarchy
OH&S risk assessment with control hierarchy
☐
☐
☐
6.1.3 EMS
Has the organization determined its compliance obligations (legal and other) and how they apply?
Review legal register; verify completeness and updates
Legal and other requirements register
☐
☐
☐
6.1.4
Are planned actions documented for each risk/opportunity with owners, timelines, and effectiveness criteria?
Review risk action plans; sample follow-up records
Risk action plan, risk register
☐
☐
☐
6.2 Objectives and Planning to Achieve Them
6.2.1
Are IMS objectives established at relevant functions, levels, and processes (quality, environmental, OH&S)?
Review objectives register; interview department heads
IMS objectives register
☐
☐
☐
6.2.1
Are objectives measurable (or evaluable), consistent with policy, and take into account applicable requirements and significant aspects/risks?
Review objectives for SMART criteria
Objectives with KPIs/targets
☐
☐
☐
6.2.1
Are objectives communicated to all relevant workers and monitored?
Interview workers; check monitoring records
KPI dashboards, objective monitoring records
☐
☐
☐
6.2.2
Are action plans for objectives documented including: what/who/when/how to evaluate results?
Review objective action plans
Objective action plans
☐
☐
☐
6.2.2
Is progress against objectives tracked and reported to management?
Review management review agenda and KPI reports
Management review minutes, KPI reports
☐
☐
☐
6.3 Planning of Changes (QMS)
6.3 QMS
When changes to the QMS are needed, are they carried out in a planned manner (purpose, consequences, resources, responsibilities)?
Review change management procedure; sample change records
Change management procedure, change request records
☐
☐
☐
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
7. SUPPORT [ISO 9001 §7 | ISO 14001 §7 | ISO 45001 §7]
7.1 Resources
7.1.1
Has the organization determined and provided the resources needed to establish, implement, maintain, and improve the IMS?
Review resource allocation; interview managers
Resource plan, budget
☐
☐
☐
7.1.2
Are competent persons assigned to perform work affecting quality, environment, and OH&S performance?
Review competency matrix; sample personnel records
Competency matrix, personnel files
☐
☐
☐
7.1.3
Is the infrastructure (buildings, equipment, IT, transport) identified and maintained for process conformity?
Review infrastructure list; verify maintenance records
Asset register, maintenance records
☐
☐
☐
7.1.4
Is the work environment (physical, social, psychological) managed to ensure conformity of products/services and worker well-being?
Review work environment assessments; interview workers
Workplace assessment records, well-being program records
☐
☐
☐
7.1.5
Are monitoring and measuring resources identified, calibrated/verified, and maintained?
Sample calibration records; verify traceability
Calibration register, calibration certificates
☐
☐
☐
7.1.6
Is organizational knowledge identified, maintained, and made available where needed?
Review knowledge management procedure; check lesson learned records
Knowledge base, lessons learned log
☐
☐
☐
7.2 Competence
7.2
Has the organization determined the necessary competence of persons performing work affecting IMS performance?
Review competency requirements in job descriptions
Competency framework, job descriptions
☐
☐
☐
7.2
Are competence gaps identified and training/actions taken to address them?
Review training needs analysis and training records
Training needs analysis, training records
☐
☐
☐
7.2
Is evidence of competence retained (certificates, test results, qualifications)?
Sample competency evidence files
Training certificates, qualification records
☐
☐
☐
7.2 OH&S
Is OH&S-specific competency defined and verified for all workers performing tasks with significant OH&S risks?
Review OH&S competency matrix; sample records for high-risk roles
OH&S competency matrix, safety training records
☐
☐
☐
7.3 Awareness
7.3
Are workers aware of the IMS policy, their contribution to IMS effectiveness, the benefits of improved performance, and implications of not conforming?
Interview workers at various levels; test awareness
Awareness training records, communication records
☐
☐
☐
7.3 EMS
Are workers aware of significant environmental aspects, their personal environmental impacts, and the environmental benefits of improved performance?
Interview workers; review environmental awareness records
EMS awareness training records
☐
☐
☐
7.3 OH&S
Are workers aware of OH&S hazards, risks, and controls relevant to their work; rights to remove themselves from imminent danger; and the worker consultation process?
Interview workers; review OH&S awareness toolbox talks
OH&S awareness records, toolbox talk records
☐
☐
☐
7.4 Communication
7.4
Is a communication plan established defining what/when/with whom/how/who communicates (both internal and external)?
Review communication plan; verify execution records
IMS communication plan
☐
☐
☐
7.4 EMS
Does external communication on environmental matters comply with compliance obligations?
Review external communication records and compliance obligations
External communications log
☐
☐
☐
7.4 OH&S
Does the OH&S communication process allow workers to contribute to identifying hazards and reporting incidents without fear of reprisal?
Interview workers; review reporting culture evidence
OH&S communication channels, near-miss reporting data
☐
☐
☐
7.4 OH&S
Are external parties (contractors, visitors) communicated with about relevant OH&S information?
Review contractor communication procedures and records
Contractor induction records
☐
☐
☐
7.5 Documented Information
7.5.1
Does the IMS include all required documented information (mandatory procedures + additional docs determined necessary)?
Verify against mandatory requirements checklist
IMS document master list
☐
☐
☐
7.5.2
Is documented information properly identified (title, date, author, reference number) and in an appropriate format and media?
Sample 10+ documents for identification compliance
Document identification convention
☐
☐
☐
7.5.3
Is there a document control procedure covering: distribution, access, retrieval, storage, version control, and disposal?
Review document control procedure
Document control procedure
☐
☐
☐
7.5.3
Are all external documents of external origin (standards, legislation, customer specs) identified and controlled?
Sample external documents; verify control stamps/registers
External documents register, controlled copy stamps
☐
☐
☐
7.5.3
Are obsolete documents prevented from unintended use (recalled, clearly marked)?
Spot check for obsolete documents in use on floor
Obsolete document control records
☐
☐
☐
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
8. OPERATION [ISO 9001 §8 | ISO 14001 §8 | ISO 45001 §8]
8.1 Operational Planning and Control
8.1 QMS
Are processes for meeting requirements for products/services planned and controlled with acceptance criteria?
Review process instructions; sample production/service records
Process control plans, work instructions
☐
☐
☐
8.1 EMS
Are operational controls (procedures, work instructions) in place for all processes associated with significant environmental aspects?
Verify linkage between SEAs and operational controls
SEA control matrix, environmental procedures
☐
☐
☐
8.1 EMS
Are controls in place for consistency with life cycle perspective (design, procurement, delivery, end-of-life)?
Review procurement and design controls with EMS criteria
Procurement procedure with EMS requirements, design review records
☐
☐
☐
8.1 OH&S
Have operational controls been established using the hierarchy of controls for significant OH&S risks?
Review control selection for top-risk activities
OH&S risk assessment with control hierarchy
☐
☐
☐
8.1 OH&S
Are management of change processes in place for planned changes (new processes, equipment, chemicals, organizational changes) with pre-change risk assessment?
Review management of change procedure; sample records
MOC procedure, pre-change risk assessments
☐
☐
☐
8.1 OH&S
Are procurement controls in place to ensure contractors and purchased goods/services meet OH&S requirements?
Review contractor management procedure; sample contractor records
Contractor management procedure, approved vendor list
☐
☐
☐
8.2 Requirements for Products and Services (QMS)
8.2.1
Are customer communication processes in place covering information, inquiries, orders, changes, feedback, and complaints?
Review customer communication procedure and records
Customer communication procedure, complaint log
☐
☐
☐
8.2.2
Are requirements for products/services reviewed before committing to supply, including statutory/regulatory requirements?
Sample tender/contract/order review records
Contract/order review records
☐
☐
☐
8.2.3
Are changes to product/service requirements reviewed and communicated to relevant persons?
Sample change order records; verify communication
Engineering change notices, change order records
☐
☐
☐
8.3 Design and Development (QMS)
8.3
Is a design and development procedure established covering: planning, inputs, controls (reviews, verification, validation), outputs, and changes?
Review D&D procedure; sample project records
D&D procedure, design review records
☐
☐
☐
8.3.3
Are D&D inputs (functional/performance requirements, applicable standards, legal requirements, failure mode information) defined and reviewed?
Sample D&D input records for recent projects
D&D input specifications
☐
☐
☐
8.3.5
Are D&D outputs documented, meet input requirements, and include monitoring/measurement specifications?
Sample D&D output documents; verify acceptance criteria
D&D output documentation, drawings, specifications
☐
☐
☐
8.3.6
Are D&D changes identified, controlled, and reviewed to prevent adverse impacts on conformity?
Sample D&D change records; verify impact assessments
D&D change control records
☐
☐
☐
8.4 Control of Externally Provided Processes, Products, and Services (QMS)
8.4.1
Are externally provided processes/products/services controlled with defined selection, evaluation, and re-evaluation criteria?
Review supplier evaluation procedure and records
Supplier evaluation procedure, approved vendor list
☐
☐
☐
8.4.2
Do purchasing documents/contracts clearly specify requirements including competence, interactions, and IMS requirements?
Sample purchase orders and contracts
Purchase orders, contracts, supplier requirements
☐
☐
☐
8.4.3
Is verification of purchased products/services conducted against specified requirements?
Sample receiving inspection/acceptance records
Receiving inspection records
☐
☐
☐
8.5 Production and Service Provision (QMS)
8.5.1
Are products/services produced and delivered under controlled conditions (work instructions, suitable equipment, monitoring activities, inspection points)?
Observe production/service delivery; review work instructions
Work instructions, process control plans
☐
☐
☐
8.5.2
Is product/service identification and traceability maintained throughout production and delivery where required?
Sample traceability records; verify unique identification
Traceability records, batch records, labeling
☐
☐
☐
8.5.3
Is customer/external property identified, protected, and safeguarded? Are losses/damages reported to the owner?
Review customer property control procedure and records
Customer property register, damage/loss reports
☐
☐
☐
8.5.4
Are products preserved (handling, storage, packaging, protection) throughout processing and delivery?
Inspect storage areas; review preservation procedures
Preservation procedure, FIFO/FEFO evidence
☐
☐
☐
8.5.5
Are post-delivery activities (warranty, maintenance, recycling) defined and controlled where applicable?
Review post-delivery process and customer feedback records
Post-delivery procedure, warranty/service records
☐
☐
☐
8.5.6
Are changes in production/service provision reviewed and controlled, with retained documented information on review results?
Sample change records; review change control process
Production change control records
☐
☐
☐
8.6 Release of Products and Services (QMS)
8.6
Are planned arrangements implemented to verify products/services meet requirements before release?
Sample final inspection/test records
Final inspection records, release authorization
☐
☐
☐
8.6
Is there documented evidence of conformity to acceptance criteria with traceability to authorizing person?
Verify release signatures/approvals on records
Release/inspection records with signatures
☐
☐
☐
8.7 Control of Nonconforming Outputs (QMS)
8.7
Is there a procedure for identifying, segregating, and controlling nonconforming products/services?
Review NCR procedure; observe NCR area/tags
Nonconformance control procedure
☐
☐
☐
8.7
Are disposition decisions (rework, reject, concession, scrap) documented and authorized?
Sample NCRs for disposition records and authorization
NCR records with disposition evidence
☐
☐
☐
8.7
Is corrective action taken on nonconformances to prevent recurrence?
Sample NCRs for associated corrective actions
NCR log with CA linkage
☐
☐
☐
8.8 Emergency Preparedness and Response (EMS & OH&S)
8.8 EMS/OH&S
Are potential emergency situations identified (chemical spill, fire, explosion, natural disaster, workplace violence)?
Review emergency scenario analysis
Emergency scenario register
☐
☐
☐
8.8 EMS/OH&S
Are emergency response plans documented for each identified scenario, including roles, resources, and communication steps?
Review emergency response plans for completeness
Emergency response plans, emergency contact lists
☐
☐
☐
8.8 OH&S
Does the emergency plan address the specific needs of all workers (including contractors, visitors, workers with disabilities)?
Review plan for all-worker coverage; verify contractor briefing records
Emergency plan with worker-specific sections
☐
☐
☐
8.8
Are emergency drills conducted at planned intervals with results documented and improvements made?
Review drill records; verify frequency meets requirements
Drill records, drill evaluation reports, improvement actions
☐
☐
☐
8.8 EMS
Are relevant external parties (regulators, emergency services, community) included in emergency response planning?
Review external communication plan for emergencies
External emergency communication plan
☐
☐
☐
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
9. PERFORMANCE EVALUATION [ISO 9001 §9 | ISO 14001 §9 | ISO 45001 §9]
9.1 Monitoring, Measurement, Analysis, and Evaluation
9.1.1
Has the organization determined what needs to be monitored and measured, methods, when, and when results shall be analyzed?
Review monitoring and measurement plan
M&M plan, KPI register
☐
☐
☐
9.1.1 EMS
Are environmental performance indicators (EPIs) defined and monitored against objectives and targets?
Review EPI data and trend analysis
EPI register, EMS performance reports
☐
☐
☐
9.1.1 OH&S
Are both leading (proactive) and lagging (reactive) OH&S performance indicators monitored?
Review OH&S KPI dashboard for leading/lagging balance
OH&S KPI dashboard, safety statistics
☐
☐
☐
9.1.2 QMS
Is customer satisfaction monitored using defined methods (surveys, complaints, NPS, repeat business)?
Review customer satisfaction monitoring procedure and data
Customer satisfaction survey results, complaint statistics
☐
☐
☐
9.1.3
Are data and information analyzed to evaluate conformity, degree of objective achievement, process performance, and improvement opportunities?
Review analysis reports; interview data analyst/QM
Statistical analysis reports, trend charts
☐
☐
☐
9.2 Internal Audit
9.2
Is an internal audit program established, implemented, and maintained covering all IMS requirements?
Review audit program and schedule
Annual audit program, audit schedule
☐
☐
☐
9.2
Are audit criteria, scope, frequency, and methods defined and risk-based (higher risk areas audited more frequently)?
Review audit criteria and frequency rationale
Audit criteria matrix, risk-based audit schedule
☐
☐
☐
9.2
Are auditors selected to ensure objectivity and impartiality (no self-audit)?
Review auditor independence records; check assignments
Auditor independence matrix, audit assignments
☐
☐
☐
9.2
Are audit results reported to relevant management with documented findings?
Review audit reports; sample for completeness
Audit reports, NC findings
☐
☐
☐
9.2
Are nonconformities from internal audits addressed through the corrective action process without undue delay?
Sample audit NCs; verify CA status and closure
Corrective action log linked to audit findings
☐
☐
☐
9.2
Are internal audit records retained as evidence of the audit program implementation and results?
Sample audit files; verify retention
Audit records (plans, checklists, reports)
☐
☐
☐
9.3 Management Review
9.3
Is the IMS reviewed by top management at planned intervals for continuing suitability, adequacy, and effectiveness?
Review management review schedule and last review date
Management review schedule
☐
☐
☐
9.3.2
Does the management review input include all required items: status of previous actions, changes in context, performance data, NCs & CAs, opportunities for improvement, audit results, customer feedback, supplier performance, objectives status?
Review management review agenda; verify all inputs covered
Management review agenda, input reports
☐
☐
☐
9.3.3
Does the management review output include decisions/actions on improvement opportunities, resource needs, and any changes to the IMS?
Review management review minutes for output completeness
Management review minutes with action items
☐
☐
☐
9.3
Are management review records retained and actions tracked to closure?
Sample action items from review; verify follow-up
Management review minutes, action tracking log
☐
☐
☐
9.4 Compliance Evaluation (EMS & OH&S)
9.1.2 EMS
Is there a procedure for periodically evaluating compliance with applicable legal and other environmental requirements?
Review compliance evaluation procedure
Compliance evaluation procedure
☐
☐
☐
9.1.2 OH&S
Is compliance with OH&S legal and other requirements evaluated at defined intervals with records retained?
Review OH&S compliance evaluation schedule and records
OH&S compliance evaluation records
☐
☐
☐
9.1.2
Are instances of non-compliance identified, acted upon, and tracked to closure?
Sample compliance findings; verify corrective actions
Compliance NCRs, corrective action log
☐
☐
☐
9.1.2
Is the frequency of compliance evaluations commensurate with the significance of requirements and rate of change?
Verify frequency logic and last evaluation dates
Compliance evaluation schedule with rationale
☐
☐
☐
Clause Ref.
Requirement / Audit Question
Audit Method / Evidence
Documents to Review
C
NC
OBS
10. IMPROVEMENT [ISO 9001 §10 | ISO 14001 §10 | ISO 45001 §10]
10.1 General
10.1
Has the organization determined and selected opportunities for improvement to meet customer requirements, enhance customer satisfaction, improve products/services, correct/prevent/reduce undesired effects, and improve IMS performance?
Review improvement opportunity register; interview QM/EMS/OH&S coordinators
Improvement register, management review outputs
☐
☐
☐
10.2 Nonconformity and Corrective Action
10.2
Is there a documented process for handling nonconformities including: react, review, determine root cause, implement corrective action, and effectiveness review?
Review CA procedure; verify all steps are addressed
Corrective action procedure
☐
☐
☐
10.2
Are root cause analyses conducted for nonconformities using appropriate methodologies (5-Why, fishbone, 8D, etc.)?
Sample 10+ CARs; verify root cause quality
CAR records with root cause analyses
☐
☐
☐
10.2
Are corrective actions appropriate to the significance and root cause of the nonconformity?
Assess adequacy of actions vs. root cause
CAR records with action plans
☐
☐
☐
10.2
Is effectiveness of corrective actions reviewed and verified with documented evidence?
Sample closed CARs; verify effectiveness evidence
Effectiveness verification records
☐
☐
☐
10.2 OH&S
Are incidents (injuries, ill health, near misses, dangerous occurrences) investigated using the CA process with root cause analysis?
Review incident investigation procedure and recent records
Incident investigation reports, CARs
☐
☐
☐
10.2 OH&S
Are incidents reported to relevant authorities (labor department, health & safety regulator) within required timeframes?
Verify statutory reporting requirements and recent reports submitted
Incident reports to authorities, statutory reporting log
☐
☐
☐
10.2
Are nonconformity and corrective action records retained as documented evidence?
Verify retention of CAR records
CAR register, individual CAR records
☐
☐
☐
10.2
Is corrective action information reviewed to identify systemic issues and communicated to other relevant parts of the organization?
Review systemic analysis; check cross-functional CA communication
Systemic analysis reports, CA communication records
☐
☐
☐
10.3 Continual Improvement
10.3
Is there evidence of continual improvement in suitability, adequacy, and effectiveness of the IMS over time?
Review trend analysis of KPIs, audit findings, customer satisfaction, OH&S stats, environmental performance over multiple periods
Multi-year KPI trend reports, management review comparisons
☐
☐
☐
10.3
Are improvement initiatives tracked, prioritized, and resourced as part of normal management practice?
Review improvement register and resource allocation evidence
Improvement register, improvement project tracking
☐
☐
☐
10.3
Does the organization seek to go beyond minimum compliance to proactively improve environmental and OH&S performance?
Interview EMS/OH&S coordinators; review voluntary initiatives
Voluntary improvement programs, beyond-compliance initiatives
☐
☐
☐
AUDIT SUMMARY
Overall Results by Section
IMS Section
Conformities (C)
Nonconformities (NC)
Observations (OBS)
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
TOTALS
Overall Audit Conclusion
Overall Audit Conclusion:
☐ IMS is effective and conforms to requirements — recommend certification/continuation
☐ IMS is effective but with minor nonconformities — corrective action required within 90 days
☐ Major nonconformities identified — corrective action required; re-audit required before recommendation
☐ Critical nonconformities — immediate suspension/withdrawal action recommended
Auditor Sign-Off
Role
Name & Signature
Date
Comments
Lead Auditor
Audit Team Member
Audit Team Member
Auditee Representative
Management Representative