Scribd
Upload
27 views

15.1 Appendix 1 Internal Audit Checklist EN

This document contains an internal audit checklist for an organization to assess its compliance with the requirements of ISO 9001:2015. The checklist includes over 50 questions addressing the organization's quality management system, processes, leadership involvement, risk management and more.

Uploaded by

Carlos Lazzarini
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
27 views

15.1 Appendix 1 Internal Audit Checklist EN

This document contains an internal audit checklist for an organization to assess its compliance with the requirements of ISO 9001:2015. The checklist includes over 50 questions addressing the organization's quality management system, processes, leadership involvement, risk management and more.

Uploaded by

Carlos Lazzarini
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 20

[organization name]

Appendix 1 – Internal Audit Checklist for ISO 9001:2015


ISO 9001 Requirement of the standard Compliant Evidence
Clause Yes/No
4.1-1 Did the organization determine external and
internal issues relevant to its purpose?
4.1-2 Does the organization monitor and review
information about internal and external issues
relevant to its purpose?
4.2-1 Did the organization determine interested parties
that are relevant to its QMS?
4.2-2 Did the organization determine relevant needs and
expectations of the interested parties?
4.2-3 Does the organization monitor and review
information about needs and expectations relevant
to its purpose?
4.3 Has the organization determined boundaries and
applicability of its QMS?
4.3-1 When determining the scope, had the organization
considered external and internal issues referred to
in 4.1?
4.3-2 When determining the scope, had the organization
considered requirements of relevant interested
parties referred to in 4.2?
4.3-3 When determining the scope, had the organization
determined its services and products?
4.3-4 Does the organization maintain documented
information about the scope of its QMS?
4.3-5 Did the organization exclude any requirement from
the scope of its QMS?
4.4-1 Does the organization continually improve its
QMS?
4.4-2 Did the organization determine processes needed
for its QMS?
4.4-3 Did the organization determine method of
application of its processes needed for the QMS?
4.4-4 Did the organization determine required inputs?
4.4-5 Did the organization determine expected outputs
from its processes?
4.4-6 Did the organization determine sequence and
interaction of its processes?
4.4-7 Does the organization determine and apply the
criteria and methods needed to ensure the
effective operation and control of its processes?
4.4-8 Does the organization determine performance
indicators, how to monitor and measure effective
operation and control of its processes?
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 1 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

4.4-9 Did the organization determine the resources


needed for its processes and ensure their
availability?
4.4-10 Did the organization assign the responsibilities and
authorities for its processes?
4.4-11 Did the organization address the risks and
opportunities as determined in accordance with
the requirements of 6.1?
4.4-12 Does the organization evaluate its processes and
implement necessary changes in order to achieve
intended results?
4.4-13 Does the organization improve the processes and
the Quality Management System?
4.4-14 Does the organization retain documented
information to have confidence that the processes
are being carried out as planned?
5.1.1-1 Does the top management demonstrate leadership
and commitment to the QMS?
5.1.1-2 Does the top management take accountability for
the effectiveness of the QMS?
5.1.1-3 Does the top management ensure that the Quality
Policy and quality objectives are established for the
QMS?
5.1.1-4 Does the top management ensure that the Quality
Policy and quality objectives are compatible with
the context and strategic direction of the
organization?
5.1.1-5 Does the top management ensure integration of
the QMS requirements into the organization’s
business processes?
5.1.1-6 Does the top management promote the use of the
process approach and risk-based thinking?
5.1.1-7 Does the top management ensure availability of
resources needed for the QMS?
5.1.1-8 Does the top management communicate the
importance of an effective QMS and conforming to
its requirements?
5.1.1-9 Does the top management ensure that the QMS
achieves its intended results?
5.1.1-10 Does the top management engage, direct, and
support persons to contribute to the effectiveness
of the QMS?
5.1.1-11 Does the top management promote QMS
improvement?
5.1.1-12 Does the top management support other relevant
management roles to demonstrate their leadership
as it applies to their areas of responsibility?
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 2 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

5.1.2-1 Does the top management demonstrate leadership


and commitment with respect to customer focus?
5.1.2-2 Did the top management ensure that customer and
applicable statutory and regulatory requirements
are determined, understood, and consistently
met?
5.1.2-3 Did the top management ensure that risk and
opportunities that can affect conformity of
products and services and the ability to enhance
customer satisfaction are determined and
addressed?
5.1.2-4 Did the top management ensure that the focus on
enhancing customer satisfaction is maintained?
5.2.1-1 Did the top management establish, implement,
and maintain the Quality Policy?
5.2.1-2 Did the top management ensure that the Quality
Policy is appropriate to the purpose and context of
the organization and supports its strategic
direction?
5.2.1-3 Did the top management ensure that the Quality
Policy provides a framework for setting quality
objectives?
5.2.1-4 Did the top management ensure that the Quality
Policy includes a commitment to satisfy applicable
requirements?
5.2.1-5 Did the top management ensure that the Quality
Policy includes a commitment to continual
improvement of the QMS?
5.2.2-1 Did the organization ensure that the Quality Policy
is maintained as documented information?
5.2.2-2 Did the top management ensure that the Quality
Policy is communicated, understood, and applied
within the organization?
5.2.2-3 Does the organization ensure that the Quality
Policy is available to relevant interested parties, as
appropriate?
5.3-1 Did the top management ensure that the
responsibilities and authorities for relevant roles
are assigned, communicated, and understood
within the organization?
5.3-2 Does the top management assign responsibility
and authority to ensure that the QMS conforms to
the requirements of ISO 9001:2015?
5.3-3 Does the top management assign responsibility
and authority to ensure that the processes deliver
intended outputs?
5.3-4 Does the top management assign responsibility

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 3 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

and authority to ensure reporting on the


performance of the QMS and on opportunities for
improvement, in particular to top management?
5.3-5 Does the top management assign responsibility
and authority to ensure promotion of customer
focus throughout the organization?
5.3-6 Does the top management assign responsibility
and authority to ensure maintenance of the
integrity of its QMS when changes to the QMS are
planned and implemented?
6.1.1-1 When planning for the QMS, did the organization
consider the issues from 4.1 and 4.2 and determine
the risks and opportunities?
6.1.1-2 Does the organization give assurance that the QMS
can achieve its intended results?
6.1.1-3 Does the organization enhance desirable effects?
6.1.1-4 Does the organization prevent or reduce undesired
effects?
6.1.1-5 Does the organization achieve improvement?
6.1.2-1 Does the organization plan actions to address risks
and opportunities?
6.1.2-2 Does the organization plan how to integrate and
implement the actions into its QMS processes?
6.1.2-3 Does the organization plan how to evaluate the
effectiveness of these actions?
6.1.2-4 Does the organization ensure that actions taken to
address risks and opportunities are proportionate
to the potential impact on the conformity of
products and services?
6.2.1-1 Did the organization establish quality objectives at
relevant functions, levels, and processes needed
for the QMS?
6.2.1-2 Are quality objectives consistent with the Quality
Policy?
6.2.1-3 Are quality objectives measurable?
6.2.1-4 When setting quality objectives, did the
organization take into account applicable
requirements?
6.2.1-5 Are quality objectives relevant for conformity of
products and services and to enhancement of
customer satisfaction?
6.2.1-6 Does the organization monitor its quality
objectives?
6.2.1-7 Does the organization communicate its quality
objectives?
6.2.1-8 Does the organization update its quality objectives,
as appropriate?
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 4 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

6.2.1-9 Does the organization maintain documented


information on the quality objectives?
6.2.2-1 When planning how to achieve its quality
objectives, did the organization determine what
will be done?
6.2.2-1 When planning how to achieve its quality
objectives, did the organization determine what
resources will be required?
6.2.2-2 When planning how to achieve its quality
objectives, did the organization determine who will
be responsible?
6.2.2-3 When planning how to achieve its quality
objectives, did the organization determine
completion date?
6.2.2-4 When planning how to achieve its quality
objectives, did the organization determine how the
results will be evaluated?
6.3-1 Did the organization carry out needed changes in a
planned manner?
6.3-2 Does the organization consider the purpose of the
changes and their potential consequences?
6.3-3 Does the organization consider the integrity of the
QMS?
6.3-4 Does the organization determine availability of
resources?
6.3-5 Does the organization ensure proper allocation or
reallocation of responsibilities and authorities?
7.1.1-1 Does the organization determine and provide the
resources needed for the establishment,
implementation, maintenance, and continual
improvement of the QMS?
7.1.1-2 Does the organization consider the capabilities of,
and constraints on, existing internal resources?
7.1.2-1 Does the organization determine and provide the
persons necessary for the effective implementation
of its QMS?
7.1.2-2 Does the organization determine and provide the
persons necessary for the effective operation and
control of its processes?
7.1.3-1 Does the organization determine, provide, and
maintain the environment necessary for the
operation of its processes?
7.1.3-2 Does the organization determine, provide, and
maintain the environment necessary for achieving
operation and control of its processes?
7.1.4-1 Does the organization determine, provide, and
maintain the environment necessary for achieving
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 5 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

operation and conformity of its processes?


7.1.5.1-1 Does the organization determine and provide the
resources needed to ensure valid and reliable
results when monitoring and measuring is used to
verify the conformity of products and services?
7.1.5.1-2 Does the organization ensure that the provided
resources are suitable for the specific type of
monitoring and measurement activities?
7.1.5.1-3 Does the organization ensure that the provided
resources are maintained to ensure their
continuing fitness for their purpose?
7.1.5.1-4 Does the organization retain appropriate
documented information as evidence of the fitness
for purpose of the monitoring and measurement
resources?
7.1.5.2-1 Does the organization calibrate or verify measuring
equipment?
7.1.5.2-2 Does the organization calibrate or verify measuring
equipment against measurement standards
traceable to international or national
measurement standards?
7.1.5.2-3 Does the organization safeguard its measuring
equipment from adjustments, damage, or
deterioration that would invalidate the calibration
status and subsequent measurement results?
7.1.5.2-4 Does the organization take appropriate action
when measuring equipment is found to be unfit for
its intended purpose?
7.1.6-1 Did the organization determine knowledge
necessary for the operation of its processes and to
achieve conformity of products and services?
7.1.6-2 Does the organization access current knowledge
when determining necessity of additional
knowledge?
7.2-1 Does the organization determine necessary
competence of its employees?
7.2-2 Does the organization ensure that employees are
competent on the basis of appropriate education,
training, or experience?
7.2-3 Does the organization take action to acquire the
necessary competence, and evaluate the
effectiveness of the actions taken?
7.2-4 Does the organization retain appropriate
documented information as evidence of
competence?
7.3-1 Are employees aware of the Quality Policy?
7.3-2 Are employees aware of relevant quality
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 6 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

objectives?
7.3-3 Are employees aware of their contribution to the
effectiveness of the QMS?
7.3-4 Are employees aware of the implications of not
conforming to the QMS requirements?
7.4-1 Does the organization determine what it will
communicate?
7.4-2 How does the organization determine when to
communicate?
7.4-3 How does the organization determine with whom
to communicate?
7.4-4 How does the organization determine who
communicates?
7.5.1-1 Does the organization’s QMS include documented
information required by the ISO 9001:2015
standard?
7.5.1-2 Does the organization’s QMS include documented
information determined by the organization as
being necessary for the effectiveness of the QMS?
7.5.2-1 Does the organization ensure appropriate
identification and description when creating and
updating documented information?
7.5.2-2 Does the organization ensure appropriate format
when creating and updating documented
information?
7.5.2-3 Does the organization ensure appropriate review
and approval for suitability and adequacy?
7.5.3.1-1 Does the organization control that its documented
information is available and suitable for use, where
and when it is needed?
7.5.3.1-2 Does the organization ensure that its documented
information is adequately protected?
7.5.3.2-1 Does the organization address distribution, access,
retrieval, and use of its documented information in
order to control it?
7.5.3.2-2 Does the organization address storage and
preservation, including preservation of legibility, of
its documented information in order to control it?
7.5.3.2-3 Does the organization address control of changes
of its documented information in order to control
it?
7.5.3.2-4 Does the organization address retention and
disposition of its documented information in order
to control it?
7.5.3.2-5 Does the organization control and identify
documented information of external origin that is
necessary for the planning and operation of the
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 7 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

QMS?
7.5.3.2-6 Does the organization protect documented
information from unintended alterations?
8.1-1 Does the organization plan, implement, and
control its processes needed to meet the
requirements for the provision of products and
services?
8.1-2 Does the organization determine the requirements
for its products and services?
8.1-3 Does the organization establish criteria for the
processes?
8.1-4 Does the organization establish criteria for
acceptance of products and services?
8.1-5 Does the organization determine the resources
needed to achieve conformity to the product and
service requirements?
8.1-6 Does the organization implement control of the
processes in accordance with the criteria?
8.1-7 Does the organization determine and keep
documented information to the extent necessary
to have confidence that the processes have been
carried out as planned?
8.1-8 Does the organization determine and keep
documented information to the extent necessary
to demonstrate the conformity of products and
services to their requirements?
8.1-9 Does the organization control planned changes and
review the consequences of unintended changes?
8.1-10 Does the organization ensure that outsourced
processes are controlled?
8.2.1-1 Does the communication with customers include
providing information relating to products and
services?
8.2.1-2 Does the communication with customers include
handling inquiries, contracts, or orders, including
changes?
8.2.1-3 Does the communication with customers include
obtaining customer feedback related to product
and services, including complaints?
8.2.1-4 Does the communication with customers include
handling or controlling customer property?
8.2.1-5 Does the communication with customers include
establishing specific requirements for contingency
actions, when relevant?
8.2.2-1 Does the organization ensure that the
requirements for the products and services are
defined?
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 8 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

8.2.2-2 Do the requirements for the products and services


include any applicable statutory and regulatory
requirements?
8.2.2-3 Do the requirements for the products and services
include those considered necessary by the
organization?
8.2.2-4 Can the organization meet the claims for the
products and services it offers?
8.2.3.1-1 Does the organization ensure that it has the ability
to meet the requirements for products and
services to be offered to customers?
8.2.3.1-2 Does the organization conduct a review of
requirements specified by the customer, before
committing to supply products and services to a
customer?
8.2.3.1-3 Does the organization conduct a review of
requirements not stated by the customer, but
necessary for intended use, before committing to
supply products and services to a customer?
8.2.3.1-4 Does the organization conduct a review of
requirements specified by the organization, before
committing to supply products and services to a
customer?
8.2.3.1-5 Does the organization conduct a review of
statutory and regulatory requirements applicable
to products and services, before committing to
supply products and services to a customer?
8.2.3.1-6 Does the organization conduct a review of contract
or order requirements to determine whether they
differ from those previously expressed?
8.2.3.1-7 Does the organization ensure that contract or
order requirements differing from those previously
defined are resolved?
8.2.3.1-8 Does the organization confirm the customer’s
requirements before acceptance, when the
customer does not provide a documented
statement of their requirements?
8.2.3.2-1 Does the organization retain documented
information on any new requirements for the
products and services?
8.2.3.2-2 Does the organization retain documented
information about results of the review?
8.2.4 When the requirements for products and services
are changed, does the organization ensure that
relevant documented information is amended and
that relevant persons are made aware of the
changed requirements?

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 9 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

8.3.1 Does the organization establish, implement, and


maintain a design and development process that is
appropriate to ensure the subsequent provision of
products and services?
8.3.2-1 Does the organization consider the nature,
duration, and complexity of the design and
development activities?
8.3.2-2 Does the organization consider the required
process stages, including applicable design and
development reviews?
8.3.2-3 Does the organization consider required design
and development verification and validation
activities?
8.3.2-4 Does the organization consider responsibilities and
authorities involved in the design and development
process?
8.3.2-5 Does the organization consider internal and
external resource needs for the design and
development process?
8.3.2-6 Does the organization consider the need for
involvement of customers and users in the design
and development process?
8.3.2-7 Does the organization consider requirements for
subsequent provision of products and services?
8.3.2-8 Does the organization consider the level of control
expected for the design and development process
by customers and other relevant interested
parties?
8.3.2-9 Does the organization consider the documented
information needed to demonstrate that design
and development requirements have been met in
determining the stages and control for design and
development?
8.3.3-1 Does the organization determine requirements
essential for the specific types of products and
services to be designed and developed?
8.3.3-2 Does the organization consider functional and
performance requirements?
8.3.3-3 Does the organization consider information
derived from previous similar design and
development activities?
8.3.3-4 Does the information consider statutory and
regulatory requirements?
8.3.3-5 Does the organization consider standards or codes
of practice that the organization has committed to
implement?
8.3.3-6 Does the organization consider potential

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 10 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

consequences of failure due to the nature of the


products and services?
8.3.3-7 Does the organization use adequate inputs for
design and development?
8.3.3-8 Does the organization resolve conflicting design
and development, when discovered?
8.3.4-1 Does the organization apply controls to the design
and development process to ensure that the
results to be achieved are defined?
8.3.4-2 Does the organization apply controls to the design
and development process to ensure that reviews
are conducted, to evaluate the ability of the results
of design and development?
8.3.4-3 Does the organization apply controls to the design
and development process to ensure that
verification activities are conducted, to ensure that
the design and development outputs meet the
requirements?
8.3.4-4 Does the organization apply controls to the design
and development process to ensure that validation
activities are conducted, to ensure that the
resulting products and services meet the
requirements?
8.3.4-5 Does organization apply controls to the design and
development process to ensure that any necessary
actions are taken on problems determined during
the reviews, or verification and validation
activities?
8.3.4-6 Does the organization document information
about applied controls to the design and
development process?
8.3.5-1 Does the organization ensure that design and
development outputs meet the input
requirements?
8.3.5-2 Does the organization ensure that design and
development outputs are adequate for the
subsequent processes for the provision of products
and services?
8.3.5-3 Does the organization ensure that design and
development outputs include or reference
monitoring and measuring requirements, as
appropriate, and acceptance criteria?
8.3.5-4 Does the organization ensure that design and
development outputs specify the characteristics of
the products and services that are essential for
their intended purpose and their safe and proper
provision?

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 11 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

8.3.5-5 Does the organization retain documented


information on design and development outputs?
8.3.6-1 Does the organization identify, review, and control
changes made during design and development of
products and services?
8.3.6-2 Does the organization retain documented
information on design and development changes?
8.3.6-3 Does the organization retain documented
information on the results of reviews?
8.3.6-4 Does the organization retain documented
information about the authorization of the
changes?
8.3.6-5 Does the organization retain documented
information about the actions taken to prevent
adverse impacts?
8.4.1-1 Does the organization ensure that externally
provided processes, products, and services
conform to requirements?
8.4.1-2 Does the organization apply controls to externally
provided processes, services, or products when
such kind of products and services are intended for
incorporation into the organization’s products and
services?
8.4.1-3 Does the organization apply controls to externally
provided processes, services, or products when
provided directly to the customer by external
providers on behalf of the organization?
8.4.1-4 Does the organization apply controls to externally
provided processes, services, or products when a
process, or its part, is provided by an external
provider as a result of a decision by the
organization?
8.4.1-5 Does the organization determine and apply criteria
for the evaluation, selection, monitoring of
performance and re-evaluation of external
providers, based on their ability to provide
processes or products and services in accordance
with the requirements?
8.4.1-6 Does the organization retain documented
information of these activities and any necessary
actions arising from the evaluations?
8.4.2-1 Does the organization ensure the adequacy of
requirements prior to their communication to the
external provider?
8.4.2-2 Does the organization communicate to external
providers its requirements for the processes,
products, and services to be provided?

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 12 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

8.4.2-3 Does the organization communicate to external


providers its requirements for the approval of
products and services?
8.4.2-4 Does the organization communicate to external
providers its requirements for the approval of
methods, processes, and equipment?
8.4.2-5 Does the organization communicate to external
providers its requirements for the approval of the
release of products and services?
8.4.2-6 Does the organization communicate to external
providers its requirements for the competence of
persons, including any required qualifications?
8.4.2-7 Does the organization communicate to external
providers its requirements for the external
providers’ interaction with the organization?
8.4.2-8 Does the organization communicate to external
providers its requirements for the control and
monitoring of the external providers’ performance
to be applied by the organization?
8.4.2-9 Does the organization communicate to external
providers its requirements for the verification or
validation activities that the organization, or its
customer, intends to perform at the external
providers’ premises?
8.5.1-1 Does the organization implement production and
service provision under controlled conditions?
8.5.1-2 Do the organization’s controlled conditions include
the availability of documented information that
defines the characteristics of the products to be
produced, the services to be provided, or the
activities to be performed?
8.5.1-3 Do the organization’s controlled conditions include
the availability of documented information that
defines the results to be achieved?
8.5.1-4 Do the organization’s controlled conditions include
the availability and use of suitable monitoring and
measuring resources?
8.5.1-5 Do the organization’s controlled conditions include
the implementation of monitoring and
measurement activities at appropriate stages to
verify that criteria for control of processes or
outputs, and acceptance criteria for products and
services, have been met?
8.5.1-6 Do the organization’s controlled conditions include
the use of suitable infrastructure and environment
for the operation of processes?
8.5.1-7 Do the organization’s controlled conditions include

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 13 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

the appointment of competent persons, including


any required qualifications?
8.5.1-8 Do the organization’s controlled conditions include
the validation, and periodic revalidation, of the
ability to achieve planned results of the processes
for production and service provision, where the
resulting output cannot be verified by subsequent
monitoring or measurement?
8.5.1-9 Do the organization’s controlled conditions include
the implementation of actions to prevent human
error?
8.5.1-10 Do the organization’s controlled conditions include
implementation of release, delivery, and post-
delivery activities?
8.5.2-1 Does the organization use suitable means to
identify outputs when it is necessary to ensure the
conformity of products and services?
8.5.2-2 Does the organization identify the status of outputs
with respect to monitoring and measurement
requirements throughout production and service
provision?
8.5.2-3 Does the organization control the unique
identification of the outputs when traceability is a
requirement?
8.5.2-4 Does the organization retain the documented
information necessary to enable traceability?
8.5.3-1 Does the organization exercise care with property
belonging to customers or external providers?
8.5.3-2 Does the organization identify, verify, protect, and
safeguard customers’ or external providers’
property provided for use or incorporation into the
products and services?
8.5.3-3 Does the organization report to the customer or
external provider when their property is lost,
damaged, or otherwise found to be unsuitable for
use?
8.5.3-4 Does the organization retain documented
information on what occurred when a customer’s
or external provider’s property is lost, damaged, or
otherwise found to be unsuitable for use?
8.5.4-1 Does the organization preserve the outputs during
production and service provision, to the extent
necessary to ensure conformity to requirements?
8.5.5-1 Does the organization meet requirements for post-
delivery activities associated with the products and
services?
8.5.5-2 Does the organization consider statutory and

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 14 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

regulatory requirements in determining the extent


of post-delivery activities that are required?
8.5.5-3 Does the organization consider the potential
undesired consequences associated with its
products and services in determining the extent of
post-delivery activities that are required?
8.5.5-4 Does the organization consider the nature, use,
and intended lifetime of its products and services
in determining the extent of post-delivery activities
that are required?
8.5.5-5 Does the organization consider customer
requirements in determining the extent of post-
delivery activities that are required?
8.5.5-6 Does the organization consider customer feedback
in determining the extent of post-delivery activities
that are required?
8.5.6-1 Does the organization review and control changes
for production or service provision, to the extent
necessary to ensure continuing conformity with
requirements?
8.5.6-2 Does the organization retain documented
information describing the results of the review of
changes, the person authorizing the changes, and
any necessary actions arising from the review?
8.6.-1 Does the organization implement planned
arrangements, at appropriate stages, to verify that
the product and service requirements have been
met?
8.6-2 Does the organization proceed with the release of
products and services before planned
arrangements have been satisfactorily completed?
8.6-3 Does the organization retain documented
information on the release of products and
services?
8.6-4 Does the documented information on the release
of products and services include evidence of
conformity with the acceptance criteria?
8.6-5 Does the documented information on the release
of products and services include traceability to the
person authorizing the release?
8.7.1-1 Does the organization ensure that outputs that do
not conform to their requirements are identified
and controlled to prevent their unintended use or
delivery?
8.7.1-2 Does the organization take appropriate action
based on the nature of the nonconformity and its
effect on the conformity of products and services?

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 15 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

8.7.1-3 Does the organization take appropriate action


based on the nature of the nonconformity and its
effect on the conformity of products and services
detected after delivery of products, during or after
the provision?
8.7.1-4 Does the organization deal with nonconforming
outputs by correction?
8.7.1-5 Does the organization deal with nonconforming
outputs by segregation, containment, return, or
suspension of provision of products and services?
8.7.1-6 Does the organization deal with nonconforming
outputs by informing the customer?
8.7.1-7 Does the organization deal with nonconforming
outputs by obtaining authorization for acceptance
under concession?
8.7.1-8 Does the organization verify conformity to the
requirements when nonconforming outputs are
corrected?
8.7.2-1 Does the organization retain documented
information that describes the nonconformity?
8.7.2-2 Does the organization retain documented
information that describes the actions taken?
8.7.2-3 Does the organization retain documented
information that describes any concessions
obtained?
8.7.2-4 Does the organization retain documented
information that identifies the authority deciding
the action with respect to the nonconformity?
9.1.1-1 Does the organization determine what needs to be
monitored and measured?
9.1.1-2 Does the organization determine the methods for
monitoring, measurement, analysis, and evaluation
needed to ensure valid results?
9.1.1-3 Does the organization determine when the
monitoring and measuring is performed?
9.1.1-4 Does the organization determine when the results
from monitoring and measurement shall be
analyzed and evaluated?
9.1.1-5 Does the organization evaluate the performance
and effectiveness of its QMS?
9.1.1-6 Does the organization retain appropriate
documented information as evidence of the
results?
9.1.2-1 Does the organization monitor customers’
perception of the degree to which their needs and
expectations have been fulfilled?
9.1.2-2 Did the organization determine the methods for
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 16 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

obtaining, monitoring, and reviewing customer


satisfaction information?
9.1.3-1 Does the organization analyze and evaluate
appropriate data and information arising from
monitoring and measurement?
9.1.3-2 Does the organization use results of analysis to
evaluate conformity of products and services?
9.1.3-3 Does the organization use results of analysis to
evaluate the degree of customer satisfaction?
9.1.3-4 Does the organization use results of analysis to
evaluate the performance and effectiveness of its
QMS?
9.1.3-5 Does the organization use results of analysis to
evaluate if planning has been implemented
effectively?
9.1.3-6 Does the organization use results of analysis to
evaluate the effectiveness of actions taken to
address risks and opportunities?
9.1.3-7 Does the organization use results of analysis to
evaluate the performance of external providers?
9.1.3-8 Does the organization use results of analysis to
evaluate the need for improvements to its QMS?
9.2.1-1 Does the organization establish, implement, and
maintain an internal audit program(s)?
9.2.1-2 Did the organization determine the frequency,
methods, responsibilities, planning requirements,
and reporting of its internal audits?
9.2.2-1 When establishing the internal audit program, did
the organization take into account the results of
previous audits?
9.2.2-2 When establishing the internal audit program, did
the organization take into account the importance
of the processes concerned?
9.2.2-3 Did the organization define the audit criteria and
scope of each audit?
9.2.2-4 Does the organization ensure the objectivity of the
audit process?
9.2.2-5 Does the organization communicate audit results
to the relevant management?
9.2.2-6 Does the organization document information
about audits and audit results?
9.3.2-1 When planning and carrying out management
review, does the organization take into
consideration the status of actions from previous
management reviews?
9.3.2-2 When planning and carrying out management
review, does the organization take into
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 17 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

consideration changes in external and internal


issues that are relevant to its QMS?
9.3.2-3 When planning and carrying out management
review, does the organization take into
consideration information on the performance and
effectiveness of its QMS?
9.3.2-4 When planning and carrying out management
review, does the organization take into
consideration information on customer satisfaction
and feedback from relevant interested parties?
9.3.2-5 When planning and carrying out management
review, does the organization take into
consideration information on the extent to which
quality objectives have been met?
9.3.2-6 When planning and carrying out management
review, does the organization take into
consideration information on process performance
and conformity of products and services?
9.3.2-7 When planning and carrying out management
review, does the organization take into
consideration information on nonconformities and
corrective actions?
9.3.2-8 When planning and carrying out management
review, does the organization take into
consideration information on monitoring and
measurement results?
9.3.2-9 When planning and carrying out management
review, does the organization take into
consideration information on audit results?
9.3.2-10 When planning and carrying out management
review, does the organization take into
consideration information on the performance of
external providers?
9.3.2-11 When planning and carrying out management
review, does the organization take into
consideration information on the adequacy of
resources?
9.3.2-12 When planning and carrying out management
review, does the organization take into
consideration information on the effectiveness of
actions taken to address risks and opportunities?
9.3.2-13 When planning and carrying out management
review, does the organization take into
consideration information on opportunities for
improvement?
9.3.3-1 Do management review outputs include decisions
and actions related to opportunities for

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 18 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

improvement?
9.3.3-2 Do management review outputs include decisions
and actions related to any need for changes to the
QMS?
9.3.3-3 Do management review outputs include decisions
and actions related to resources needed?
9.3.3-4 Does the organization retain documented
information as evidence of the results of
management reviews?
10.1-1 Does the organization determine and select
opportunities for improvement?
10.1-2 Does the organization implement any necessary
actions to meet customer requirements and
enhance customer satisfaction?
10.1-3 Does the organization improve products and
services to meet requirements, as well as to
address future needs and expectations?
10.1-4 Does the organization correct, prevent, or reduce
undesired effects?
10.1-5 Does the organization improve the performance
and effectiveness of its QMS?
10.2.1-1 Does the organization take actions to control and
correct any existing nonconformity?
10.2.1-2 Does the organization evaluate the need for action
to eliminate the cause(s) of the nonconformity in
order to prevent its reoccurrence?
10.2.1-3 Does the organization review and analyze the
nonconformity?
10.2.1-4 Does the organization determine the causes of the
nonconformity?
10.2.1-5 Does the organization determine if similar
nonconformities exist, or could potentially occur?
10.2.1-6 When a nonconformity occurs, does the
organization implement any action needed?
10.2.1-7 When a nonconformity occurs, does the
organization review the effectiveness of any
corrective action taken?
10.2.1-8 When a nonconformity occurs, does the
organization update risks and opportunities
determined during planning (if necessary)?
10.2.1-9 When a nonconformity occurs, does the
organization make changes to the QMS (if
necessary)?
10.2.1-10 Does the organization undertake corrective actions
appropriate to the effects of the nonconformities
encountered?
10.2.2-1 Does the organization retain documented
Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 19 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.
[organization name]

information as evidence of the nature of the


nonconformities?
10.2.2-2 Does the organization retain documented
information as evidence of any subsequent actions
taken?
10.2.2-3 Does the organization retain documented
information as evidence of the results of any
corrective action?
10.3-1 Does the organization continually improve the
suitability, adequacy, and effectiveness of the
QMS?
10.3-2 Does the organization consider the results of
analysis and evaluation, and the outputs from
management review, to determine if there are
needs or opportunities that should be addressed as
part of continual improvement?

Appendix 1 – Internal Audit Checklist ver. [version] from [date] Page 20 of 20

©2015 This template may be used by clients of EPPS Services Ltd. www.advisera.com in accordance with the License Agreement.

You might also like