We’re committed to helping you and your organization

understand the updated requirements. This guidance

document identifies the steps you should take to achieve
compliance to ISO 9001:2015, and more importantly; what you
don’t need to do!

Internal Audit
Guidance
Assessing ISO 9001:2015
 Internal Audit Guidance
Assessing ISO 9001:2015

Documented Information Review ......................................................................... 9

Table of Contents
Process Criteria, Metrics and Objectives ............................................................ 9
AUDITING ISO 9001:2015 ............................................................................. 2 Previous Audit Findings ............................................................................................ 9
INTRODUCTION...................................................................................................................... 2 Customer Complaints and Corrective Actions ............................................... 10
PRINCIPLES OF INTERNAL AUDITING ................................................................................... 2 Inputs and Outputs................................................................................................... 10
THE INTERNAL AUDIT CHECKLIST ........................................................................................ 3 Relevant ISO standards ........................................................................................... 10
SELECTION OF AUDITORS ..................................................................................................... 3 Review Performance................................................................................................. 10
AUDIT SCORING CRITERIA .................................................................................................... 3 Review Competencies ............................................................................................. 10
TYPES OF INTERNAL AUDIT................................................................................................... 4 Review Linkages & Interactions ........................................................................... 11
Gap Analysis .................................................................................................................. 4 Review the Process ................................................................................................... 11
System Audits ............................................................................................................... 5 Review the Findings ................................................................................................. 11
Process Audits .............................................................................................................. 5 Prepare the Report ................................................................................................... 12
Product Audits .............................................................................................................. 5
INTERNAL AUDIT PROGRAMME ........................................................................................... 5
Implementing the Audit Programme .................................................................. 5
Focus on Risk-based Auditing ............................................................................... 6
How to Programme your Audits ........................................................................... 6
Step 1 – Determine Process Status .................................................................. 6
Step 2 – Determine Process Practices ............................................................ 6
Step 3 – Determine Process Importance ....................................................... 6
Step 4 – Determine Quality Ranking............................................................... 7
Step 5 – Determine the Number of Customer Complaints ................... 7
Step 6 – Determine the Number of Corrective Actions .......................... 7
Step 7 – Use the Indicators to Determine Audit Frequency .................. 7
Step 8 – Enter Planned Audit Dates ................................................................ 7
AUDIT METHODOLOGY......................................................................................................... 7
Introduction ................................................................................................................... 7
Preparation .................................................................................................................... 9

Copyright © 2016 Endeavour Technical Ltd Page 1 of 12


Auditing ISO 9001:2015
Introduction
The purpose of internal auditing is to assess the effectiveness of your
organization’s quality management system and your organization's overall
performance. Your internal audits demonstrate compliance with your
‘planned arrangements’, e.g. the QMS and its processes are implemented
and maintained.
Your role as the auditor is to gauge how well the management system and
its processes are functioning by gathering objective evidence of
conformance and performance. The auditee will often be a processes
owner; they are the experts of that process and as such will provide an
invaluable insight into the mechanics of the process. Why you should
allocate more time for internal audits:
1. Allocate more time to prepare for the audit;
2. Shift to more process-based assessment;
3. Focus on new and changed requirements;
4. Follow new audit trails through the process and the QMS;
5. Interview top management in more depth;
Your organization will likely conduct internal audits for one or more of the
following reasons:
1. Ensuring compliance to the requirements of internal, international
and industry standards & regulations, and customer requirements;
2. To determine the effectiveness of the implemented system in
meeting specified objectives (quality, environmental, financial);
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
3. To explore opportunities for improvement;
4. To meet statutory and regulatory requirements;
5. To provide feedback to Top management.
Principles of Internal Auditing
Auditing relies on a number of principles whose intent is to make the audit
become an effective and reliable tool that supports your company’s
management policies and policies whilst providing suitable objective
information that your company can act upon to continually improve its
performance.
Adherence to the following principles are considered to be a prerequisite
for ensuring that the conclusions derived from the audit are accurate,
objective and sufficient. It also allows auditors working independently from
one another to reach similar conclusions when auditing in similar
circumstances. The following principles relate to auditors.
1. Ethical conduct: Trust, integrity, confidentiality and discretion are
essential to auditing;
2. Fair presentation: Audit findings, conclusions and reports reflect
truthfully and accurately the audit activities;
3. Professional care: Auditors must exercise care in accordance with
the importance of the task they perform;
4. Independence: Auditors must be independent of the activity
being audited and be objective;
5. Evidence-based approach: Evidence must be verifiable and be
based on samples of the information available.
Page 2 of 12

The Internal Audit Checklist
The internal audit checklist will help you to determine the extent to which
your organization’s quality management system conforms to the
requirements by determining whether those requirements have been
effectively implemented and maintained. The templates will help you to
assess the status of your existing management system and identify process
weakness to allow a targeted approach to prioritizing corrective action to
drive improvement.
The internal audit checklist is just one of the many tools which are
available from the auditor’s toolbox that helps to ensure each internal
audit addresses the necessary requirements. It stands as a reference point
before, during and after the audit process and if developed for a specific
audit and used correctly will provide the following benefits:
1. Checklists can be used as a reference for planning future audits;
2. Checklists can be provided to the auditee prior to the audit;
3. Checklists can provide a means of communication;
4. A completed checklist provides evidence the audit was performed;
5. Ensures the audit is conducted systematically and consistently;
6. Ensures a consistent audit approach;
7. Actively supports the organization’s audit process;
8. Provides a repository for notes collected during the audit process;
9. Ensures uniformity in the performance of different auditors;
10. Provides reference to objective evidence;
11. Audit checklists provide assistance to the audit process.
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
The internal audit checklist comprises tables of the certifiable (‘shall’)
requirements, from Section 4.0 to Section 10.0 of ISO 9001:2015, each
requirement is phrased as a question. This audit checklist may be used for
element compliance audits and for process audits. If you wish to create
separate process audit checklists, select the clauses from the tables below
that are relevant to the process and copy and paste the audit questions
into a new audit checklist. We suggest that you retain this audit checklist
as your ‘master copy’.
Selection of Auditors
Competence level may be measured by training, participation in previous
audits and experience in conducting audits. Auditors may be external or
internal personnel; however, they should be in a position to be impartial
and objective.
When internal personnel are selected to perform an audit, a mechanism
needs to be established to ensure objectivity, for instance, a representative
from another department may be selected to do the audit.
Audits are demanding and require various forms of expertise. The size of
the audit team will vary pending the size of the organization, size and type
of operations and the scope of the audit.
Audit Scoring Criteria
A risk-based internal audit approach allows the internal audit to
concentrate on reviewing the major risks to the organization. The audit’s
role is to provide assurance that key risks to the organization’s objectives
are being well controlled.
Page 3 of 12
 Internal Audit Guidance
Assessing ISO 9001:2015

The audit findings ‘traffic lights’ are intended to visually communicate the Finding Definition/Impact Action/Mitigation
risk posed by the audit finding of any system or processes being audited. A high risk, major non-conformance Implement immediate
The rating system is stratified from ‘compliant’ to ‘major non-conformance’ which directly impacts upon containment action,
to convey a concise and consistent method for scoring each audit finding. customer requirements, likely to investigate root cause(s)
MAJOR N/C result in the customer receiving non- and apply corrective
Once the findings have been populated, copy and paste that data from the conforming products or services, or action. Re-audit in 4
which may reduce the effectiveness of weeks to verify
‘Audit Findings Summary’ table into the ‘Audit Tracker.xlsx’ file. The ‘Audit
the QMS. correction.
Tracker’ will then generate charts and metrics which can be pasted into the
Audit Report or Management Review documentation. This methodology
Types of Internal Audit
should be uniformly applied to all types of internal audit that your
Internal audits are commonly referred to as ‘first-party audits’ and are
organization will likely undertake.
conducted by an organization to determine compliance to a set of
Finding Definition/Impact Action/Mitigation requirements which might arise from standards like ISO 9001:2015, as well
Compliant means adherence with the
as customer or regulatory requirements. Within the sphere of internal
requirements of the standard and the
Continue to monitor auditing there are three common methods of internal auditing that may be
COMPLIANT QMS. The process is implemented and
trends/indicators.
documented and records exist to used to determine compliance, these are described below:
verify this.
A low risk issue that offers an Review and implement
Gap Analysis
opportunity to improve current actions to improve the The gap analysis will likely be your first ISO 9001:2015 audit. The gap
practice. Processes may cumbersome process(s). Monitor
analysis checklist highlights the new requirements contained in ISO
OFI or overly complex but meet their trends/indicators to
targets and objectives. Unresolved determine if 9001:2015 but it not intended to cover all of the requirements from ISO
OFIs may degrade over time to improvement was 9001:2015 comprehensively.
become non-compliant. achieved.
A medium risk, minor non- The unique knowledge obtained about the status your existing quality
conformance resulting in deviation management system will be a key driver of the subsequent
Investigate root cause(s)
from process practice not likely to implementation approach. Armed with this knowledge, it allows you to
and implement
result in the failure of the
MINOR N/C corrective action by next establish accurate budgets, timelines and expectations which are
management system or process that
reporting period or next proportional to the state of your current management system when
will not result in the delivery of non-
scheduled audit.
conforming products nor reduce the directly compared to the requirements of the standards.
effectiveness of the QMS.

Copyright © 2016 Endeavour Technical Ltd Page 4 of 12


Your organization may already have in place an ISO 9001:2008 compliant
quality management system or you might be running an uncertified
system. If this is the case, you will want to determine how closely your
system conforms to the requirements ISO 9001:2015.
The results of a gap analysis exercise will help to determine the differences,
or gaps, between your existing management system and the new
requirements. Not only will the analysis template help you to identify the
gaps, it will also allow you to recommend how those gaps should be filled.
The gap analysis output also provides a valuable baseline for the
implementation process as a whole and for measuring progress. Try to
understand each business process in the context of each of the
requirements by comparing different activities and processes with what
the standard requires. At the end of this activity you will have a list of
activities and processes that comply and ones that do not comply. The
latter list now becomes the target of your implementation plan.
System Audits
The system audits are best undertaken using the internal audit checklist.
This type of audit focuses on the organization’s quality management
system as a whole, and compares the planning activities and broad system
requirements to ensure that each clause or requirement has been
implemented.
Process Audits
The process audit is an in-depth analysis which verifies that the processes
comprising the management system are performing and producing in
accordance with desired outcomes. The process audit also identifies any
opportunities for improvement and possible corrective actions. Process
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
audits are used to concentrate on any special, vulnerable, new or high-risk
processes.
Product Audits
The product audit may be a series of audits, at appropriate stages of
design, production and delivery to verify conformity to any specified
product requirements, such as dimensions, functionality, packaging and
labelling, at a defined frequency.
Internal Audit Programme
Implementing the Audit Programme
During the early stages of implementing ISO 9001:2015, or any other
management system standard, the internal audit programme often focuses
on ensuring that any compliance issues or non-conformities are discovered
and rectified prior to the Certification Body assessment.
However, once your organization becomes certified, the audit programme
must evolve. The focus of the internal audit programme should be re-
directed, away from 'elemental' compliance with ISO 9001:2015, to an
audit strategy that considers the 'status and importance' of each process
comprising the quality management system. This is one of the most
disregarded aspects of ISO 9001:2015.
Has your internal audit programme been developed on an annual calendar
that forecasts which aspects of your QMS are going to be audited? If so,
you should begin programming your internal audits by basing the audit
frequency upon current process performance data, feedback from
customers, etc., to ensure that you are focusing on the risks and issues that
are on Top management's radar.
Page 5 of 12
 Internal Audit Guidance
Assessing ISO 9001:2015

Focus on Risk-based Auditing processes which are not performing to the planned arrangements, should
Internal audit programmes that are based on risk and customer feedback be assigned a higher status score.
will help your organization to embark upon new methods of compliance in
Score/Rank Description
which risk based thinking and continual improvement are the drivers,
1= Low All indicators show stability and consistently achieve targets
rather than something done simply for compliance. Improving the internal
2 = Medium Minor problems exist, process or product changes planned
audit programme in this manner will help to ensure corrective actions are
3 = High Poor performance/adverse trends, results not achieved
regarded as important to process results and that management reviews of
4 = Critical Any process with major audit finding in past 12 months
the QMS become an integral way of managing risk.
Step 2 – Determine Process Practices
How to Programme your Audits
You should consider how process practices can affect product conformity,
How do you plan your internal audits, whilst taking into account the status,
are process participants applying best practice to create conforming
practices and importance of your processes? If you purchased the Audit
process outputs? Consider whether the practices are documented and
Tracker Pro™ workbook, you can use the status and importance worksheet
whether they are applied consistently between other, similar processes?
to help determine which of your processes are critical and therefore which
should be audited more frequently. You can also create your own status Score/Rank Description
and importance tracker using the criteria described in this section. 1= Low Consistently applying documented practice

The ranking criteria are based on processes’ ability to adversely affect your 2 = Medium Current practices conform but are not documented

customers and how well the process is performing. This is a great way to 3 = High Practices are applied inconsistently

mathematically substantiate your audit programme and to introduce 4 = Critical Practices are non-conforming
elements of risk based auditing to your internal audits. You should then Step 3 – Determine Process Importance
schedule processes with high, red scores for additional audits, perhaps or
You should consider process importance as the degree of direct impact
three or even more times per year.
that process performance has on customer satisfaction and perception; i.e.
Step 1 – Determine Process Status could the process provide the customer with a non-conforming product?
You should consider your processes status in terms of maturity and Support processes should be given a lower ranking than the
stability; a more established, proven process will need to be audited less manufacturing or service provision processes. In addition, the results of
frequently than a newly implemented or recently modified (changed or previous audits should be considered too. Processes that have been
improved) process and should receive a lower status score. Conversely;

Copyright © 2016 Endeavour Technical Ltd Page 6 of 12


audited recently and which show continued effectiveness should be
audited less frequently.
Score/Rank Description
1= Low Low risk of adversely affecting customer satisfaction
2 = Medium Adverse effect on customer satisfaction & product quality
3 = High Likely have a significant adverse effect on customer satisfaction
4 = Critical Likely cause safety or regulatory compliance issues
Step 4 – Determine Quality Ranking
Consider how a failure in quality attributes could affect your customers in
terms of providing non-conforming product. In fact, why not ask your
customers which attributes could affect them the most, as this method
provides a great way to engage with them and to objectively justify the
audit programme to top management.
Step 5 – Determine the Number of Customer Complaints
Simply put, enter the actual number of complaints in the relevant cell that
is related to the process. Customer complaints are ranked very highly in
terms of seriousness and will elicit a red warning to highlight that process
as requiring greater audit scrutiny.
Step 6 – Determine the Number of Corrective Actions
Include the number of open corrective actions in the relevant cell that are
related to the process. The corrective actions should be included and must
cover all those that were raised internally or externally.
External corrective actions rank higher in terms of importance than internal
corrective actions. External corrective actions might arise from customer
audits, registrar audits or from other stakeholders.
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
Step 7 – Use the Indicators to Determine Audit Frequency
After you have entered the scores necessary to rank each process by its
current performance attributes, the assessment tool will generate resulting
simple, ‘traffic light’ indicators that are highlighted in the worksheet to
indicate whether the process requires more frequent auditing. The process
indicators will also copy in to the audit programme in order to provide a
cross reference to the indicator that influenced the audit frequency.
Inidcator Description
An audit should be scheduled at least once per year unless
otherwise required
An audit should be scheduled within 12 weeks with an additional
audit within 6 months
An audit should be scheduled within 4 weeks with an additional
audit after 12 weeks and then reoccurring quarterly
Step 8 – Enter Planned Audit Dates
Now that you have determined which processes require more frequent
internal auditing, based on their status and importance, you schedule a
series of internal audits for each process based on the priority scores
shown. Simply enter the start date and the finish date of each audit. The
internal audit programme will automatically highlight the relevant cells in
the programme. The programme has space to track one planned audit and
three additional audits for each process.
Audit Methodology
Introduction
The adoption of the ‘process approach’ is mandated by ISO 9001:2015 and
is one of the most important concepts relating to quality management
Page 7 of 12

systems. Process auditing is about auditing your organization’s processes
and their interactions, which together comprise the quality management
system. The process audit provides assurance that the processes have been
implemented as planned and provides information on the ability of the
process to produce a quality output.
The process approach is one of the core quality management principles,
which is defined as a ‘consistent and predictable results are achieved more
effectively and efficiently when activities are understood and managed as
interrelated processes that function as a coherent system’.
A process is a set of interrelated activities that transform inputs, such as
materials, customer requirements and labor, via a series of activities into
outputs, such as a finished product or service. Various stages of the
process must meet various applicable clauses of the standard. There are six
characteristics to look out for when auditing a process:
1. Does the process have an owner?
2. Is the process defined?
3. Is the process documented?
4. Are links between other processes established?
5. Are processes and their links monitored?
6. Are records maintained?
As part of the process approach, the process audits must be scheduled
according to the processes defined by your management system. The
audit schedule should not be based on the clauses of the standard, but it
should instead be based upon the importance and criticality of the process
itself. The process approach to auditing should cover three vital stages:
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
1. Preparing for the audit; (desk review)
2. Auditing the process and its linkages;
3. Preparing the summary and audit report;
An audit each process should be conducted at planned intervals in order
to determine whether the processes conform to planned arrangements in
order to determine whether the process is properly implemented and
maintained and to provide process performance information to top
management.
Effective process auditing requires the auditor to identify and record audit
trails that will make a difference to the organization. The audit should
begin with the process owner in order to understand how the process
interacts with the other process inputs, outputs, suppliers and/or
customers.
The auditor should be able to determine whether the outputs are
complete and that process measurements demonstrate whether all of the
outputs are consistently fit for purpose and are efficiently managed. Do
the customers agree with the outputs and the measures? Audit of
customer processes at planned intervals to:
1. Determine whether the process conforms to planned
arrangements;
2. Determine whether the process is properly implemented and
maintained;
3. Provide information on process performance to top management.
Consider these points during the process audit:
1. Is there continuity between the various support processes?
Page 8 of 12

2. Is the task done consistently on a person-to-person or day-to-day
basis?
3. Do the interfaces between the departments operate smoothly?
4. Does product information flow freely?
5. Is the process practice right?
6. Does it meet the requirements of the standard or specification?
7. Is it helping the organization effectively?
Preparation
Before the audit, prepare thoroughly! Spending an hour or three in
preparation will make you a better auditor and you will be much more
effective during the audit. Auditors should not skip this step as it provides
much needed value to the audit. Taking the time to prepare and organize
actually saves time during the audit.
Gather together all the relevant documented information that relates to
the process you will be auditing. Look at process metrics, work instructions,
turtle diagrams, process maps and flowcharts, etc. If applicable, collect and
review any control plans and failure mode effects analysis work sheets too.
Review these thoroughly and highlight the aspects that you plan to audit.
Using the documented information in this way ensures they become audit
records.
Your organization’s documented information may not cover all of the
requirements that may be relevant to the process. If certain information is
not available, it may become your first audit finding, not bad for the pre-
audit review!
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
Certain information and linkages should be audited. Some are required
and some are simply good audit practice. Putting these sections into a
worksheet format gives auditors a guide to follow, to ensure the relevant
links are audited.
Documented Information Review
Following are examples are of information that should be gathered and
reviewed. The audit scope, audit objectives, audit criteria are required and
this information be defined and documented. Usually, this is just basic
formality, document it and move on.
1. The audit scope defines what is included and excluded from the
audit, what will be audited.
2. The audit objectives define the purpose and what the audit should
achieve.
3. The audit criteria define what systems, standards and documented
information will be audited.
Process Criteria, Metrics and Objectives
Each process is required to define this in the quality management system.
Evaluate metrics and objectives to determine strengths and weaknesses.
Compare actual performance to targets. This will guide you on how to
should allocate your audit time. If targets are not met, identify it as an
audit trail. Where goals are met, focus more on other areas with bigger
issues.
Previous Audit Findings
Verify if actions from previous audits remain effective and closed. Review
previous audit trails to see if there is more to review, or whether they
Page 9 of 12

should be audited again. Past problems areas may reveal more
improvement opportunities.
Customer Complaints and Corrective Actions
Review previously identified problems and the effectiveness of any actions
taken. Note what should be re-verified to ensure problems and issues
remain closed. There could be incomplete actions, or new personnel that
are not aware of previous issues.
Inputs and Outputs
The quality management system must define and document the inputs,
activities and the outputs for each process. If your management system
uses flowcharts, turtle diagrams, process maps, etc., it should be
documented there. Are inputs and outputs clearly defined? Do you see
issues?
Relevant ISO standards
Review relevant sections of applicable ISO standards (e.g., ISO 9001 or ISO
14001, etc.) that are relevant to the process that you will be auditing. Print
those pages and highlight any requirements to ensure they are
documented correctly within the quality management system and that
they get audited.
Flowcharts, turtles, procedures, work instructions, records, process
sequence. Review the documented information that describe and control
the process. Review all the important steps and activities of the process
being audited. This information must be documented within the quality
management system.
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
Evaluate how effectively the process flows through each step. Do you see
any roadblocks or issues? Make notes directly on the documents. During
the audit, use them as check sheets and audit the trails and notes you
marked.
Review Performance
Review metrics and performance with appropriate managers, supervisors
and operators. They will know how well things are running, objectives,
customer issues and problem areas. If they do not, the requirements were
not met. Audit the sequence of the process with the people actually
performing the process. Do people know and follow the steps? Is what
they do the same as what is documented? Are best practices documented
and followed? Do personnel have changes they would recommend?
Review all the relevant steps of the assigned process. Evaluate how the
process flows through the steps. Are the process steps effective? Do you
see roadblocks or issues? Notate and follow audit trails you find with the
relevant personnel. Observe their work. Look for things that are not as they
should be.
Review Competencies
Training, skills and competencies are always a potential area for
improvement. Training and competency is vital and you should always
review whether training could be improved. Pay particular attention to
newer employees or people who do not demonstrate good skills or
competencies. Put people at ease, so they are not nervous. If there are
people who do not seem to be ‘up on their game’ note their names and
review this with the training process owner.
Page 10 of 12

Links to skills, competencies and training needed for each process must be
documented. Review skill lists for the assigned process. Are there clear lists
of skills for each position? Do they show enough detail? This is often a
finding, where lists are generic with inadequate detail. Training is a key
process of any system. Are there specific people or new hires you wish to
review? Are there particular skills you want to evaluate? Collect names to
review later.
Review Linkages & Interactions
Linkages and interactions with other processes are always important. As
you audit the assigned process, you will see how it connects and interacts
with other processes. As you audit, also audit the relevant links to related
processes and support processes. These would include the input hand over
from the previous process and the output hand over to the next process. It
should include interactions with relevant supporting processes, such as
training, quality, maintenance, calibration, record and document control,
etc.
Often a process will work pretty well by itself but it does not always sit well
with other processes at the hand over points. These must be audited as to
how they perform and interact with the main process. Note: don’t audit
each linked process at this time, only audit the pieces that interact with the
assigned process. The full processes will get audited as a separate process
audit.
Review the Process
The first task for the auditor is to establish what the process is intended to
achieve. For example, the Sales Department’s primary function is to
provide an effective interface between the organization and its customers
Copyright © 2016 Endeavour Technical Ltd
Internal Audit Guidance
Assessing ISO 9001:2015
and to input clear and accurate customer data onto the computer system
in a timely manner. If these are the most important objectives of that
process, then the audit must concentrate on verifying whether or not they
are being achieved.
Performance is often best proven by looking at how well the output of
Process A satisfies the input requirements of Process B. For example: how
often does Process B have problems with customer data entered on the
system, how many customer complaints have arisen due to inaccurate or
late information being entered? If there is a documented procedure in
place, it should define the process and the steps to be taken to ensure the
objectives are achieved.
In the absence of any particular standard requirements, you may want to
determine what customer driven requirements you might have. And audit
for effectiveness. The audit tool is there to check how the plan is
functioning and if it delivers as expected. Consider these points:
1. Is there continuity between the various processes?
2. Is the task done consistently on a person-to-person or daily basis?
3. Do the interfaces between the departments operate smoothly?
4. Does product information flow freely?
5. Is the procedure right and does it meet the standard?
6. Is it helping the organization effectively?
Review the Findings
Mark findings and issues as you go. When you finish auditing, you should
have a collection of various findings to review. Organize the notes you
made, these findings need to be reported to management. As you moved
Page 11 of 12
 Internal Audit Guidance
Assessing ISO 9001:2015

through the audit, you should have noted the issues and improvements should also be documented on your corrective action forms. The audit
you saw. These should have been marked clearly so you are now able to summary and the corrective action forms should be attached to the audit
quickly review and capture them as you write the report. package, which now becomes the audit record. Only the summary report
and corrective actions need be given to the process owner and a copy of
When you have completed the audit, you will probably have findings.
the audit report should be given to Top management.
Some findings might be problems and some might be opportunities for
improvement. Review your notes and collect the findings into the audit
report. Audit teams should review findings with the lead auditor and/or
management representative as it important to calibrate the findings and
serves as a learning process. If there is disagreement over some findings,
the Lead Auditor has the final vote.

Prepare the Report

A good summary report is the output which is the value of the audit. It
deserves an appropriate amount of attention and effort. As you moved
through the audit, you should have noted the issues and improvements
you saw. These should have been marked clearly so you are now able to
quickly review and capture them as you write the report.

These findings and conclusions should be formally documented as part of

the summary report. Too often, the audit report only recites back facts and
data the managers already know. The value is in identifying issues and
opportunities they do not know! This summary should be reviewed first
with the lead auditor, then the Process Owner and Management Team.
Make final revisions and file the audit report and all supporting audit
materials and notes.

Gather the whole audit package together, in an organized manner. The

rest of the work instructions, flowcharts, notes and relevant papers should
be gathered into the audit package as supporting records. All findings

Copyright © 2016 Endeavour Technical Ltd Page 12 of 12