How to create a checklist for an ISO 9001 internal audit for your QMS

One of the most important checking tools in a Quality Management System (QMS), or any management system, is the internal audit. The ISO 9001:2015 requirements are very clear that this is a critical element of your QMS; and, since you want to know how your processes are functioning, your internal audits become a key resource. Although audit checklists are not stated as a requirement in the ISO 9001:2015 standard, they are a widely used and important tool to make sure that when you perform an internal audit on a process you do not miss any elements of that process.

What does ISO 9001:2015 require the internal audit to do?

To better understand the why and how of internal audit checklists, it is helpful to understand what the ISO 9001:2015 requirements state about why we do internal audits. As per clause 9.2.1 of the standard, the internal audit is there to perform two functions:

  • to make sure that the processes are meeting the planned arrangements that the company has identified for the process in the QMS and any requirements that the IOS 9001:2015 standard has in place for that process
  • to make sure that the process is effectively implemented and maintained

So, when you are creating an audit checklist you want to include the information needed to make sure that you successfully check these two outcomes of the process.


How do you create a checklist to check conformance?

An internal audit is there to witness the outcome of a process through a review of records or witnessing the actions of the employees, and to then compare this to the planned arrangements for the process to see if what is being done is what was planned. As can be seen above, there are two sets of planned arrangements to check: those required by ISO 9001:2015 and those that the company has put in place for their process to function.

For example, if you are auditing a purchasing process against the ISO 9001:2015 standard (section 8.4.1), you will want to confirm that external providers are evaluated, selected, monitored, and reevaluated based on their ability to provide processes or products and services according to the requirements. This is the ISO 9001:2015 requirement. The company might also specify that this is done using an audit of the customers every three years, which would be a company-defined criteria for the process.

From this we can start to create the audit checklist. An audit checklist is basically a set of questions that the auditor wants to ask, or activities that the auditor wants to witness, in order to verify the planned arrangements as above. The checklist is created by reviewing the ISO 9001:2015 standard and any documented procedures or undocumented processes for the activity to determine what should happen. For the example above, the audit checklist could include questions on supplier evaluation and a review of the supplier audit reports that have been collected to see if they are done when determined by the QMS.

The checklist can include more than just questions; it can also include statements from the procedures that the auditor wants to check. Remember that the checklist is a tool for the auditor, and not something to give the auditee to fill out, so whatever format or questions and statements will be useful for the auditor to use in order to make sure that all important parts of the process are checked will work.

If you want to better understand the process approach, this is a good article on ISO 9001: The importance of the process approach.

How can you tell if the process is effective?

The second part of the ISO 9001:2015 internal audit requirements can be trickier to evaluate; but, depending on the process, implementation can also be quite simple. Many companies will use the concept of key performance indicators for the processes when satisfying the ISO 9001:2015 requirements to evaluate performance. This concept is for the process owner to have one or several main measures for their process that will let them know that the process is functioning as expected.

So, if you have key performance indicators (KPIs), and these are maintained by your process owners, an assessment of process effectiveness can be included on your internal audit checklist by reviewing the KPIs and determining if the measures are showing that the process is meeting the expected outputs. If KPIs are not formally used, then questioning the process owner on how they know their process is effective is another good line of questioning for the internal audit checklist.

For more information on key performance indicators and how to use them, check out this blog post on How to define Key Performance Indicators for a QMS based on ISO 9001.

Why should you use checklists in your internal audit?

While the ISO 9001:2015 standard does not include requirements that state an internal audit checklist must be used, it is a useful and effective way to document the questions you need to ask to ensure that your process outputs meet the planned arrangements for your process. When you are reviewing your process plans you can write down what you need to check, and in this way you can make sure that nothing important is forgotten. When you have finished an internal audit you do not want to find that you have neglected to collect the proper information and need to reschedule your audit to complete it.

So, like many other tools in the QMS, the internal audit checklist is a time-saving tool that will help prevent mistakes, and if you are interested in implementing a lean but useful QMS, then tools such as the internal audit checklist are invaluable to help you in this endeavor.

If you want to learn more about the internal audit process and how to best perform an internal audit, check out this free online  ISO 9001:2015 Internal Auditor Course.

Advisera Mark Hammar
Author
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.