ISO 9001:2008 Internal Audit and Gap Analysis Checklist

Complete Software Package includes:

To download free sample checklists (MS Word files), click on appropriate picture or link below. Your browser will do the rest.

This product includes two versions of the ISO 9001 internal audit checklist:

In addition to clause-related questions this checklist also includes a special column named "What to look for and how" — a mini tutorial with tips and auditing techniques pertaining to the question. This is especially helpful for internal auditor training.

For example, for ISO 9001 Clause 7.4.3 the audit question is:

Are there established and implemented activities necessary for ensuring that purchased products meet specified requirements?

and the "What to look for and how" auditor tips instruct:

Ask/investigate what is being done to ensure purchased product conformity. It could be certificates or inspection reports from suppliers or independent labs, SPC records, Cpk or Ppk records, in house receiving inspection, supplier’s QMS certification...

Select a sample of purchased product categories/classes and, for each, investigate what activities or arrangements are planned to ensure their conformity, how this plan is documented and communicated, and whether it is consistently implemented. Are there adequate records of these verification activities/evidence?

Using the process approach, you audit your company's processes instead of individual elements of the quality system. The criteria and scope of the audit are basically the same, but the sequence, approach and focus changes from the ISO 9001 standard to the actual organization and processes of your company.

In process approach the flow and focus of the audit is on the organization (company) rather than the ISO 9001 standard. It considers the effectiveness and efficiency of processes, such as purchasing, and how the process interfaces with other processes. Process auditing is more natural and logical, and adds more value to your company than the element (compliance) approach.

The process approach is more difficult and time consuming to implement than element based auditing. The additional steps in implementing process approach auditing involve developing a process map and associating all major processes with relevant ISO 9001 requirements.

Compliance is verified by associating all ISO 9001 requirements to relevant processes and verifying whether the process and its implementation meet these requirements. For example, the purchasing process in your organization, in addition to being effective, efficient, and meeting your other internal requirements, must also meet all requirements of ISO 9001 Clause 7.4, Purchasing, and other relevant clauses.

First you must define your processes and establish your process map (which you should have anyway in order to comply with ISO 9001 Clause 4.1). Then associate each process with all relevant ISO 9001 requirements (sections, clauses and sub clauses). Finally, organize the checklist into sections representing your processes, and for each process list the corresponding requirements and audit questions. The scope of the checklist remains the same as for the element approach (all ISO 9001 requirements) but the basic unit of the audit is now a real process instead of an arbitrary clause in the standard.