Industry Insights 30 June 2025 10 min ISO Xpert TeamLast updated 30 June 2025

ISO 9001:2015

Quality Management System

Internal Audit Checklist

Organization:

Audit Date:

Lead Auditor:

Audit Ref No.:

Auditee(s):

Scope/Area:

Instructions for Use

This checklist covers all clauses of ISO 9001:2015 (Clauses 4–10). For each audit item, review the stated requirement, gather objective evidence as guided, assign a rating, and record findings in the notes column.

Use the rating codes below. Attach supporting evidence references (document numbers, interview notes) to each finding.

Rating Legend

✓ Conforming

OFI Opportunity

MNC Minor NC

MJC Major NC

N/A Not Applicable

☐ Not Yet Audited

Clause 4: Context of the Organization

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

4.1

The organization has determined external and internal issues relevant to its purpose and strategic direction.

Review SWOT/PESTLE analysis, strategic plans, management meeting minutes.

☐

4.1

External and internal issues are monitored and reviewed to reflect changes in context.

Check for regular review records (e.g., management review outputs).

☐

4.2

Interested parties relevant to the QMS have been identified.

Review stakeholder register or equivalent document.

☐

4.2

Requirements of relevant interested parties have been determined and are monitored.

Verify requirements list is documented and updated.

☐

4.3

The scope of the QMS is defined, documented, and available.

Review scope statement; verify exclusions are justified.

☐

4.3

Applicable requirements and processes are identified within the defined scope.

Confirm scope aligns with products/services offered.

☐

4.4

Processes needed for the QMS are established, implemented, and maintained.

Review process maps or turtle diagrams for all key processes.

☐

4.4

Process inputs, outputs, sequence, interactions, and responsibilities are defined.

Check process documentation for owners and KPIs.

☐

4.4

Risks and opportunities for processes are determined and addressed.

Verify risk registers reference process-level risks.

☐

Clause 5: Leadership

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

5.1.1

Top management demonstrates leadership and commitment to the QMS.

Interview top management; review quality policy sign-off and meeting attendance.

☐

5.1.1

Top management ensures quality policy and objectives are established and compatible with strategic direction.

Confirm policy is reviewed and signed by top management.

☐

5.1.1

Top management promotes a customer focus culture throughout the organization.

Check communications, training records, and customer satisfaction initiatives.

☐

5.1.2

Customer and statutory/regulatory requirements are determined and met.

Review contract review procedures and legal compliance logs.

☐

5.1.2

Risks that can affect product/service conformity are determined and addressed.

Confirm risk assessments include customer-facing risks.

☐

5.2.1

A quality policy is established, appropriate, and includes a commitment to continual improvement.

Review quality policy document for required elements.

☐

5.2.2

The quality policy is available, communicated, and understood within the organization.

Verify display locations, intranet access, and staff awareness via interviews.

☐

5.3

Roles, responsibilities, and authorities are assigned and communicated.

Review org charts, job descriptions, and responsibility matrices.

☐

Clause 6: Planning

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

6.1.1

Risks and opportunities that could affect QMS conformity are identified.

Review risk register; confirm methodology is documented.

☐

6.1.2

Actions to address risks and opportunities are planned, implemented, and evaluated.

Check action plans for risk treatment; verify effectiveness reviews.

☐

6.2.1

Quality objectives are established at relevant functions, levels, and processes.

Confirm objectives are SMART and aligned with the quality policy.

☐

6.2.2

Plans to achieve quality objectives are defined (what, who, when, how).

Review objective tracking sheets or scorecards.

☐

6.3

Changes to the QMS are planned and carried out in a controlled manner.

Check change management procedure and recent change records.

☐

Clause 7: Support

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

7.1.1

Resources needed for the QMS are determined and provided.

Review resource planning records and budget allocations.

☐

7.1.2

Competent personnel are provided for effective QMS operation.

Verify staffing levels meet process requirements.

☐

7.1.3

Infrastructure required for operation is determined and maintained.

Review maintenance schedules, equipment lists, and calibration records.

☐

7.1.4

Work environment (human and physical factors) is managed.

Check workplace assessments, ergonomic studies, and environmental monitoring.

☐

7.1.5.1

Monitoring and measuring resources are suitable, maintained, and fit for purpose.

Review calibration records; confirm traceability to national standards.

☐

7.1.5.2

Measurement traceability is maintained; calibration status is known.

Confirm equipment labels, calibration certificates, and recall systems.

☐

7.1.6

Organizational knowledge is determined, maintained, and made available.

Review knowledge management systems, lessons learned, technical libraries.

☐

7.2

Personnel competence is determined, ensured, and documented.

Review competency matrices, training records, and qualifications.

☐

7.3

Personnel are aware of the quality policy, objectives, and their contribution to the QMS.

Interview staff; review onboarding and awareness training records.

☐

7.4

Internal and external communications relevant to the QMS are determined and managed.

Review communication plans and records (meetings, emails, notices).

☐

7.5.1

Documented information required by the QMS and the standard is available.

Review document list against ISO 9001 requirements.

☐

7.5.2

Documented information is adequately created and updated (format, review, approval).

Verify document control procedure; check approval signatures and version control.

☐

7.5.3

Documented information is controlled (availability, protection, distribution, retention).

Check document control system; verify access controls and retention schedules.

☐

Clause 8: Operation

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

8.1

Operational processes are planned, implemented, and controlled.

Review operational procedures; confirm criteria and controls are in place.

☐

8.2.1

Customer communication processes are established.

Review customer communication procedures and records.

☐

8.2.2

Requirements for products and services are determined before acceptance.

Review tender/quotation processes and statutory requirement checklists.

☐

8.2.3

Requirements are reviewed before commitment to supply.

Check contract review records; confirm differences are resolved.

☐

8.2.4

Changes to requirements for products and services are communicated and documented.

Verify change order processes and updated records.

☐

8.3.1

A process for design and development of products/services is established (if applicable).

Review design & development procedure; confirm applicability.

☐

8.3.2

Design and development planning includes stages, reviews, verification, and validation.

Check project plans and design review records.

☐

8.3.3

Design and development inputs are determined and documented.

Review input requirement records, functional requirements, safety standards.

☐

8.3.4

Controls for design and development (reviews, verification, validation) are implemented.

Review design review meeting minutes and approval records.

☐

8.3.5

Design and development outputs meet input requirements.

Check sign-off records, drawings, and specifications.

☐

8.3.6

Design and development changes are identified, reviewed, and controlled.

Verify design change control records and approval logs.

☐

8.4.1

Externally provided processes, products, and services conform to requirements.

Review supplier approval process and approved supplier list.

☐

8.4.2

Controls applied to external providers are defined and communicated.

Review purchase orders, specifications, and supplier quality agreements.

☐

8.4.3

Adequate information is communicated to external providers.

Check purchase orders for completeness of technical requirements.

☐

8.5.1

Production/service provision is carried out under controlled conditions.

Review work instructions, process controls, and monitoring records.

☐

8.5.2

Outputs are identified and traceability is maintained where required.

Check labeling, tagging, batch records, and traceability systems.

☐

8.5.3

Property belonging to customers or external providers is identified, verified, and safeguarded.

Review records of customer-supplied materials or tooling.

☐

8.5.4

Outputs are preserved to maintain conformity during internal processing and delivery.

Check packaging, storage, and handling procedures.

☐

8.5.5

Post-delivery activities are addressed (warranty, maintenance, recycling).

Review post-delivery service records and warranty procedures.

☐

8.5.6

Changes to production/service provision are reviewed and controlled.

Verify change control records and re-validation activities.

☐

8.6

Release of products/services occurs only when planned arrangements are verified.

Check inspection records, test reports, and approval signatures.

☐

8.7

Nonconforming outputs are identified and controlled to prevent unintended use.

Review NCR system; verify disposition records and customer notification.

☐

Clause 9: Performance Evaluation

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

9.1.1

Monitoring, measurement, analysis, and evaluation processes are determined.

Review QMS performance monitoring plan and KPI dashboard.

☐

9.1.2

Customer satisfaction is monitored and actions are taken based on results.

Review customer survey results, complaints, and satisfaction trends.

☐

9.1.3

Data and information from monitoring and measurement are analyzed and evaluated.

Check statistical reports, trend analysis, and management review inputs.

☐

9.2.1

Internal audits are conducted at planned intervals.

Review audit schedule; confirm all areas/processes are covered annually.

☐

9.2.2

Internal audit program is planned considering importance, changes, and previous results.

Check audit program; verify auditor competence and independence.

☐

9.3.1

Management reviews are conducted at planned intervals.

Review management review meeting minutes and frequency.

☐

9.3.2

Management review inputs include all required topics (audit results, performance data, etc.).

Cross-check minutes against clause 9.3.2 input list.

☐

9.3.3

Management review outputs include decisions on improvement and resource needs.

Verify action items are assigned, tracked, and closed.

☐

Clause 10: Improvement

Ref.

Audit Requirement

Guidance / Evidence to Seek

Rating

Auditor Notes / Findings

10.1

Opportunities for improvement are determined and implemented.

Review improvement register, suggestion systems, and innovation records.

☐

10.2.1

Nonconformities are identified, reacted to, and corrective actions are taken.

Review NCR/CAR log; confirm root cause analysis methodology.

☐

10.2.2

Corrective actions are appropriate to the effects of the nonconformities found.

Verify actions address root cause, not just symptoms.

☐

10.2.2

Effectiveness of corrective actions is reviewed and documented.

Check follow-up reviews and closure criteria in CAR records.

☐

10.3

Continual improvement of the QMS suitability, adequacy, and effectiveness is pursued.