Académique Documents
Professionnel Documents
Culture Documents
Name of auditee
Management system
ISO standard
Scheduled audit start date
Date will be set here
Additional comments
Managing the audit (programme preparation):
1
2
3
4
Any additional regulatory requirements
Establish context of the audit programme
In order to understand the context of the auditee, the audit programme should take into account
the auditee’s:
1
Organizational objectives
2
3
4
1
2
Risks and opportunities associated with the audit programme (see 5.3) and the actions to
address them
3
Scope (extent, boundaries, locations) of each audit within the audit programme
4
5
6
Audit criteria
7
Audit methods to be employed
8
9
Record the context of the audit programme in the form field below.
The auditee must make sure that audit programme objectives are established to allow for
planning and conducting of the audit to take place.
These objectives should be consistent with the auditee's broader business goals and support their
primary management system strategies and objectives.
1
2
3
4
5
KPIs
6
7
Risks and opportunities
8
Risks and opportunities relating to the context of the auditee can be effectively identified with an
audit programme.
Audit programme managers should identify the risks and opportunities present when
considering the full scope of the audit programme.
Planning
Resources
Selection of the audit team
Internal communication and information security
Audit implementation
Control of documented information
Monitoring and reviewing the audit programme
Auditee cooperation
Availability of evidence
This task will depend on information provided by the auditee regarding its context.
For the purpose of this checklist, "extent" of the audit programme refers to simply the number of
individual audits and additional audit activities that will need to be carried out.
Using the information provided to you by the auditee, establish the scope of the audit
programme using the form field below.
1
2
Time available
3
Finances available
4
5
6
7
Time zones
8
9
10
11
It's important to maintain clear communication with the auditee throughout the audit.
As such, the audit programme manager should prepare all documented information so far, in
preparation for sharing the complete audit programme planning with the auditee.
The documented information may not be complete at this point; further approvals will be needed
once more information has been documented.
Use the form fields in this task to record and/or upload documented information relevant to
the audit programme so far.
Using everything you've prepared so far, communicate the audit programme with the auditee.
That's as simple as sending an email using the email widget below. All of the relevant
information has already been attached using form fields you've already filled in.
1
Establish the extent of the audit programme (in-line with programme objectives)
2
3
4
5
6
Clearly communicate the audit programme objectives and documentation thus far to the
auditee
Finally, the audit programme manager should make sure that the audit programme so far is
approved by the auditee.
1
Now that the basis for the audit programme has been established, you need to make sure all
individuals involved with the planning of the audit are adequately informed and prepared.
This basically involves making sure the following information is clearly communicated and
easily available to all members of audit programme manageme
1
2
3
Scope, objectives, and individual audit criteria
4
5
6
7
8
9
You've already established the criteria for the audit programme; you also need to establish
objectives of the individual audit.
Individual audit objectives will be consistent with the overall audit programme objectives,
including the following (as an example):
1
2
The management system's capacity to help the organization to meet relevant regulatory
requirements
3
4
5
Suitability of the management system with respect to overall strategic context and
business objectives of the auditee
Audit scope, shall be consistent with the audit programme and audit objectives.
Consider the following factors, and define the audit scope in the form field below:
1
Audit location
2
Audit function
3
Audit activities
4
Processes to be audited
5
Audit time-frame
For individual audits, criteria should be defined to be used as a reference against which
conformity will be determined.
1
Relevant policies
2
3
Performance objectives and KPIs
4
5
6
7
Audit program managers should select the specific methods to be used during the process of the
audit.
Methods will depend on the established audit objectives, scope, and criteria.
1
2
Audit complexity
3
4
Audit methods
5
Ability of the audit team to work and interact effectively with the auditee
6
7
Type and complexity of processes to be audited (do they require specialized knowledge?)
Use the members fields below to assign audit team members.
Audit programme managers should be responsible for assigning the audit team leader.
This should be done well ahead of the scheduled date of the audit, to be sure that planning can
take place in a timely manner.
A dynamic due date has been set for this task, for one month before the scheduled start date of
the audit.
Use the form fields below to record the details of the lead auditor.
1
Evaluating the achievement of objectives of individual audits within the audit programme
2
3
4
5
Audit programme managers should make sure all audit information is properly documented.
This is to be sure that the implementation of the audit programme can be adequately
demonstrated.
1
2
3
4
5
Effectiveness of the audit programme
Records for individual audits might include:
1
2
3
4
5
Follow-up reports
6
Audit programme managers should also make sure that tools and systems are in place to
ensure adequate monitoring of the audit programme and all relevant activities.
1
Timeliness of the audit (whether deadlines and schedules are being met)
2
3
4
5
Both the auditee and the audit programme manager should be responsible for reviewing the
audit programme (including details of the individual audit(s) so far, to assess whether its
objectives have been achieved.
Audit programme
Basic information
Audit programme manager: {{form.Audit_programme_manager_first_name}}
{{form.Audit_programme_manager_second_name}}
Individual audit
Individual audit objectives
{{form.Individual_audit_objectives}}
Using the information above, both audit programme manager and auditee should assess the
following:
1
How both audit programme and individual audit have been implemented
2
3
4
1
2
3
The needs and expectations of the auditee and other relevant interested parties
4
5
6
7
The lead auditor should make contact with the auditee and ensure the following:
1
Basic introduction and clear outline of lead auditor roles and responsibilities
2
3
4
5
6
7
Determine if there are any additional regulatory requirements that will impact audit
activities
8
9
10
11
12
13
For example, the dates of the opening and closing meetings should be provisionally declared for
planning purposes.
Date of opening meeting
Date will be set here
Determine feasibility of individual audit objectives
The point of this task is to make sure there can be a reasonable determination that the individual
audit objectives can be successfully achieved.
Using information available so far, determine whether the following factors are true:
1
The audit team has sufficient information to adequately plan for the individual audit
2
3
4
If the individual audit objectives cannot be feasibly achieved, a viable alternative should be
proposed.
1
The lead auditor should obtain and review all documentation of the auditee's management
system.
This will help to prepare for individual audit activities, and will serve as a high-level overview
from which the lead auditor will be able to better identify and understand areas of concern or
nonconformity.
Reference material, such as individual ISO standards, will be useful at this point.
Using the form field below, describe the issue(s) with documented information so far, and
the steps taken to resolve the issue(s).
The lead auditor should prepare an audit plan for the individual audit.
1
2
3
4
Scope and complexity of the audit
5
6
7
8
1
2
3
4
5
6
7
You can use Process Street's task assignment feature to assign specific tasks in this checklist to
individual members of your audit team.
The audit team should collect and review relevant information for their individual audit task
assignmentsand prepare any documented information that will be required for conducting the
audit.
1
2
3
Digital checklists
4
5
It may be necessary for additional observers or guides of some sort to accompany the audit team.
This will of course depend on the context of the individual audit.
Whatever the case, they should not influence or interfere with the main audit process.
The lead auditor reserves the right to deny access to any observers and/or guides from audit
activities, if and when they deem appropriate.
Record details of audit guides/observers using the form fields of this task.
An opening meeting between the auditee and all relevant parties should be held.
It's advised that the opening meeting should be led by the lead auditor.
The scheduling for this meeting should have already been determined earlier in the checklist.
During the opening meeting, confirm the following with all relevant parties:
1
2
3
4
5
Individual audit plans
6
7
That all planned activities can be performed, and proper authorization is acquired
8
9
10
11
This meeting is a great opportunity to ask any questions about the audit process and generally
clear the air of uncertainties or reservations.
Depending on the size and scope of the audit (and as such the organization being audited) the
opening meeting might be as simple as announcing that the audit is starting, with a simple
explanation of the nature of the audit.
Familiarity of the auditee with the audit process is also an important factor in determining how
extensive the opening meeting should be.
During the opening meeting, the following items should be clearly communicated:
1
2
3
4
Procedures for receiving feedback from the auditee in response to findings during the
audit
(Conditional) Establish formal communication protocol
Such a protocol can be useful for communication within the audit team, as well as with the
auditee, and other relevant interested parties.
For example, certain language barriers may hinder communication, or specific channels of
communication may be required to facilitate seamless audit conduct.
As well, certain regulatory requirements may specify that a formal communication protocol be
followed.
Using the form field below, establish the formal communication protocol.
Where, when, and how information is accessible is a crucial factor during the audit.
It's important to make clear where all relevant interested parties can find important audit
information.
Make sure important information is readily accessible by recording the location in the form
fields of this task.
You may want to consider uploading important information to a secure central repository (URL)
that can be easily shared to relevant interested parties.
Audit evidence should be verifiable, and auditors should apply professional, rational judgement
to determine whether or not proposed audit evidence is in fact reliable.
Below is a useful diagram showing how a source of information can lead to an audit conclusion,
by way of evidence collection and evaluation against audit criteria.
Source:
https://www.sciencedirect.com/topics/computer-science/audit-standard
Methods of collecting information include, but are not limited to:
You may wish to edit the form fields to suit your audit programme and/or audit compliance
requirements for collecting and recording evidence.
Audit evidence
Audit evidence (.PDF)
File will be uploaded here
Evaluate audit evidence against audit criteria
Audit evidence should be evaluated against the audit criteria in order to determine audit findings.
Audit findings can indicate conformity or nonconformity with audit criteria. When specified by
the audit plan, individual audit findings should include conformity and good practices along with
their supporting evidence, opportunities for improvement, and any recommendations to the
auditee.
Nonconformities and their supporting audit evidence should be recorded.
Nonconformities can be graded depending on the context of the organization and its risks. This
grading can be quantitative (e.g. 1 to 5) and qualitative (e.g. minor, major).
They should be reviewed with the auditee in order to obtain acknowledgement that the audit
evidence is accurate and that the nonconformities are understood.
Every attempt should be made to resolve any diverging opinions concerning the audit evidence
or findings. Unresolved issues should be recorded in the audit report.
The audit team should meet as needed to review the audit findings at appropriate stages during
the audit.
NOTE 1 Additional guidance on the identification and evaluation of audit findings is given in
A.18.
The form fields below are simple suggestions for how you might generate audit findings. You
may wish to edit them to better suit your individual audit requirements.
Conformities
Conformity #1
Conformity #2
Nonconformities
Nonconformity #1
Quality of nonconformity #1
1
Nonconformity #2
Quality of nonconformity #2
1
Nonconformity #3
Nonconformity #3 supporting evidence
Quality of nonconformity #3
1
Additional recommendations
Unresolved issues
Audit process (concluding the audit):
Audit reports should be issued within 24 hours of the audit to ensure the auditee is given
opportunity to take corrective action in a timely, thorough fashion
If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do"
pile, and much of the momentum of the audit, including discussions of findings and feedback
from the auditor, will have faded.
This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been
evaluated against criteria.
The audit report is the final record of the audit; the high-level document that clearly outlines a
complete, concise, clear record of everything of note that happened during the audit.
Use the sub-checklist below to check off important items included within the audit report:
1
2
3
Individual audit scope
4
5
6
7
8
9
Audit conclusions
10
11
As stressed in the previous task, that the audit report is distributed in a timely manner is one of
the most important aspects of the entire audit process.
Use the email widget below to quickly and easily distribute the audit report to all relevant
interested parties.
Depending on the outcome of the audit, there may be a need for follow-up action.
As part of the follow-up actions, the auditee will be responsible for keeping the audit team
informed of any relevant activities undertaken within the agreed time-frame. The completion and
effectiveness of these actions will need to be verified - this may be part of a subsequent audit.
In any case, recommendations for follow-up action should be prepared ahead of the closing
meeting and shared accordingly with relevant interested parties.
Follow-up actions
Prepare for closing meeting
Before the closing meeting, the audit team should make adequate preparations.
Make sure the following items are resolved ahead of the closing meeting:
1
2
3
4
Just like the opening meeting, it's a great idea to conduct a closing meeting to orient everyone
with the proceedings and outcome of the audit, and provide a firm resolution to the whole
process.
The main point of the closing meeting should be to present audit findings and conclusions.
Lead auditors should be responsible for presenting audit findings and conclusions.
You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant
interested parties are in attendance at the closing meeting:
1
Auditee management
2
3
4
5
6
1
If applicable, first addressing any special occurrences or situations that might have
impacted the reliability of audit conclusions
2
Making sure all present are familiar with or have access to the complete audit report
3
Making sure the auditee is familiar with the audit process
4
5
6
For more formal audits, minutes and records of attendance can be kept.
For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit
findings and audit conclusions.
In any case, during the course of the closing meeting, the following should be clearly
communicated to the auditee:
1
That audit evidence is based on sample information, and therefore cannot be fully
representative of the overall effectiveness of the processes being audited
2
3
4
5
6
7
All information documented during the course of the audit should be retained or disposed of,
depending on:
However, it may sometimes be a legal requirement that certain information be disclosed. Should
that be the case, the auditee/audit client must be informed as soon as possible.
ISO 9001
"The most effective audits are those during which auditors simply talk with the auditees to learn
everything they can about the process being audited." - Ann W. Phillips, from ISO 9001:2015
Internal Audits Made Easy
This checklist is designed as a supplement, and is not intended to replace ISO 9001.
For best results, users are encouraged to edit the checklist and modify the contents to best suit
their use cases, as it cannot provide specific guidance on the particular risks and controls
applicable to every situation.
Typically, management system auditors will prepare custom checklists that reflect the specific
scope, scale, and objectives of the quality management system being audited.
Before beginning preparations for the audit, enter some basic details using the form
fields below.
Auditee
For example, if management is running this checklist, they may wish to assign the lead internal
auditor after completing the basic audit details.
In order to understand the context of the audit, the audit programme manager should take into
account the auditee’s:
1
2
3
4
The audit programme manager needs to establish objectives of the QMS audit.
Individual audit objectives need to be consistent with the context of the auditee, including the
following factors:
1
2
Capacity of the QMS to help the organization to meet relevant regulatory requirements
3
4
5
Suitability of the QMS with respect to overall strategic context and business objectives of
the auditee
Audit objectives
Establish scope of the audit
Consider the following factors, and define the audit scope in the form field below:
1
Audit location
2
Audit function
3
Audit activities
4
Processes to be audited
5
Audit time-frame
Audit scope
Establish criteria of the audit
For individual audits, criteria should be defined to be used as a reference against which
conformity will be determined.
1
Relevant policies
2
3
4
5
6
7
Audit criteria
Ensure audit monitoring systems are in place
Audit programme managers should also make sure that tools and systems are in place to
ensure adequate monitoring of the audit and all relevant activities.
1
Timeliness of the audit (whether deadlines and schedules are being met)
2
3
4
5
Request all existing relevant QMS documentation from the auditee. You can use the form
field below to quickly and easily request this information
1
2
Audit complexity
3
4
Audit methods
5
Ability of the audit team to work and interact effectively with the auditee
6
Type and complexity of processes to be audited (do they require specialized knowledge?)
Use the members fields below to assign audit team members.
Audit programme managers should be responsible for assigning the audit team leader.
This should be done well ahead of the scheduled date of the audit, to be sure that planning can
take place in a timely manner.
A dynamic due date has been set for this task, for one month before the scheduled start date of
the audit.
Use the form fields below to record the details of the lead auditor.
The lead auditor should obtain and review all documentation of the auditee's management
system.
This will help to prepare for individual audit activities, and will serve as a high-level overview
from which the lead auditor will be able to better identify and understand areas of concern or
nonconformity.
Reference material, such as individual ISO standards, will be useful at this point.
Using the form field below, describe the issue(s) with documented information so far, and
the steps taken to resolve the issue(s).
The lead auditor should prepare an audit plan for the individual audit.
1
2
3
4
5
6
8
You can use Process Street's task assignment feature to assign specific tasks in this checklist to
individual members of your audit team.
The lead auditor should make contact with the auditee and ensure the following:
1
Basic introduction and clear outline of lead auditor roles and responsibilities
2
3
4
5
6
7
Determine if there are any additional regulatory requirements that will impact audit
activities
8
9
10
11
12
13
For example, the dates of the opening and closing meetings should be provisionally declared for
planning purposes.
An opening meeting between the auditee and all relevant parties should be held.
It's advised that the opening meeting should be led by the lead auditor.
The scheduling for this meeting should have already been determined earlier in the checklist.
During the opening meeting, confirm the following with all relevant parties:
1
2
3
Individual audit objectives
4
5
6
7
That all planned activities can be performed, and proper authorization is acquired
8
9
10
11
This meeting is a great opportunity to ask any questions about the audit process and generally
clear the air of uncertainties or reservations.
Depending on the size and scope of the audit (and as such the organization being audited) the
opening meeting might be as simple as announcing that the audit is starting, with a simple
explanation of the nature of the audit.
Familiarity of the auditee with the audit process is also an important factor in determining how
extensive the opening meeting should be.
During the opening meeting, the following items should be clearly communicated:
1
2
Conditions of audit termination
3
4
Procedures for receiving feedback from the auditee in response to findings during the
audit
Ensure relevant audit information is accessible
Where, when, and how information is accessible is a crucial factor during the audit.
It's important to make clear where all relevant interested parties can find important audit
information.
Make sure important information is readily accessible by recording the location in the form
fields of this task.
You may want to consider uploading important information to a secure central repository (URL)
that can be easily shared to relevant interested parties.
Record information pertaining to the organization and its context in the form fields below.
Provide a record of evidence gathered relating to the needs and expectations of interested
parties in the form fields below.
The scope of the QMS is basically a description of the processes, procedures, services, and
products that the QMS applies to.
Provide a record of evidence gathered relating to the QMS scope in the form fields below.
QMS scope information
Provide a record of evidence gathered relating to the QMS leadership in the form fields
below.
Provide a record of evidence gathered relating to the QMS customer focus in the form fields
below.
QMS customer focus information
Provide a record of evidence gathered relating to the QMS quality policy in the form fields
below.
Provide a record of evidence gathered relating to the QMS quality objectives in the form
fields below.
Provide a record of evidence gathered relating to the QMS procedures for implementing
changes in the form fields below.
Provide a record of evidence gathered relating to the QMS organization and allocation of
resources in the form fields below.
HR integration information
Provide a record of evidence gathered relating to the QMS infrastructure in the form fields
below.
Provide a record of evidence gathered relating to the QMS work environment in the form
fields below.
Provide a record of evidence gathered relating to the QMS systems for monitoring and
measuring resources using the form fields below.
Provide a record of evidence gathered relating to the QMS organizational knowledge in the
form fields below.
Provide a record of evidence gathered relating to the QMS competence in the form fields
below.
Provide a record of evidence gathered relating to the QMS awareness in the form fields
below.
Provide a record of evidence gathered relating to the communication of the QMS within
the organization using the form fields below.
Provide a record of evidence gathered relating to the QMS process control in the form fields
below.
Provide a record of evidence gathered relating to the development and design of products
and services within the QMS in the form fields below.
Provide a record of evidence gathered relating to the design and development inputs of the
QMS in the form fields below.
Provide a record of evidence gathered relating to the design and development controls of
the QMS in the form fields below.
Provide a record of evidence gathered relating to the design and development outputs of
the QMS in the form fields below.
Provide a record of evidence gathered relating to the design and development changes of
the QMS in the form fields below.
Provide a record of evidence gathered relating to externally provided products and services
within the QMS using the form fields below.
Provide a record of evidence gathered relating to type and extent of control in the
QMS using the form fields below.
Provide a record of evidence gathered relating to the information for external providers of
the QMS using the form fields below.
Provide a record of evidence gathered relating to the control of production and services
provision of the QMS using the form fields below.
Provide a record of evidence gathered relating to the control of external provider (or
customer) property in the QMS using the form fields below.
So far, you'll have made records of the auditee's documentation and implementation of QMS
policies and procedures using the form fields in the completed tasks so far (audit evidence).
You should also have made notes on both conformities and nonconformities alongside relevant
suggestions for corrective action or opportunities for improvement (audit findings).
Recorded nonconformities:
{{form.Record_nonconformities_for_organization_and_its_context_2}}
Suggestions: {{form.Suggestions_for_organization_and_its_context}}
Any nonconformities?:
{{form.Nonconformity_with_needs_and_expectations_of_interested_parties?}}
Recorded conformities:
{{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}
Recorded nonconformities:
{{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties_2}}
Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}
QMS scope
Information: {{form.QMS_scope_information}}
Suggestions: {{form.Suggestions_for_QMS_scope}}
Leadership
QMS leadership
Information: {{form.QMS_leadership_information}}
Suggestions: {{form.Suggestions_for_QMS_leadership}}
Customer focus
Information: {{form.QMS_customer_focus_information}}
Suggestions: {{form.Suggestions_for_QMS_customer_focus}}
Quality policy
Information: {{form.QMS_quality_policy_information}}
Suggestions: {{form.Suggestions_for_QMS_quality_policy}}
Recorded nonconformities:
{{form.Record_nonconformities_for_QMS_roles_and_responsibilities_2}}
Suggestions: {{form.Suggestions_for_QMS_roles_and_responsibilities}}
QMS planning
Any nonconformities?:
{{form.Nonconformity_with_documentation_of_QMS_risks_and_opportunities?}}
Recorded nonconformities:
{{form.Record_nonconformities_for_QMS_risks_and_opportunities_2}}
Suggestions: {{form.Suggestions_for_QMS_risks_and_opportunities}}
Quality objectives
Information: {{form.QMS_quality_objectives_information}}
Suggestions: {{form.Suggestions_for_QMS_quality_objectives}}
Suggestions: {{form.Suggestions_for_procedures_for_change}}
Support
Any nonconformities?:
{{form.Nonconformity_for_organization_and_allocation_of_resources?}}
Recorded conformities:
{{form.Record_conformities_for_organization_and_allocation_of_resources}}
Recorded nonconformities:
{{form.Record_nonconformities_for_organization_and_allocation_of_resources_2}}
Suggestions: {{form.Suggestions_for_organization_and_allocation_of_resources}}
HR integration
Information: {{form.HR_integration_information}}
Suggestions: {{form.Suggestions_for_HR_integration}}
QMS infrastructure
Information: {{form.QMS_infrastructure_information}}
Suggestions: {{form.Suggestions_for_QMS_infrastructure}}
Suggestions: {{form.Suggestions_for_QMS_work_environment}}
Any nonconformities?:
{{form.Nonconformity_with_systems_for_monitoring_and_measuring_resources?}}
Recorded conformities:
{{form.Record_conformities_for_systems_for_monitoring_and_measuring_resources}}
Recorded nonconformities:
{{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_resources_2}}
Suggestions: {{form.Suggestions_for_monitoring_and_measuring_resources}}
Any nonconformities?:
{{form.Nonconformity_with_organizational_knowledge_of_QMS_informaiton?}}
Recorded conformities:
{{form.Record_conformities_for_organizational_knowledge_of_QMS_information}}
Recorded nonconformities:
{{form.Record_nonconformities_for_organizational_knowledge_of_QMS_information_2}}
Suggestions: {{form.Suggestions_for_organizational_knowledge_of_QMS_information}}
QMS competence
Information: {{form.QMS_competence_information}}
Suggestions: {{form.Suggestions_for_QMS_competence}}
QMS awareness
Information: {{form.QMS_awareness_information}}
Suggestions: {{form.Suggestions_for_QMS_awareness}}
Suggestions: {{form.Suggestions_for_communication_of_QMS}}
Documented information
Information: {{form.Documented_information_notes}}
Suggestions: {{form.Suggestions_for_documented_information}}
Operation
Process control
Information: {{form.Process_control_information}}
Suggestions: {{form.Suggestions_for_process_control}}
Any nonconformities?:
{{form.Nonconformity_with_determination_of_requirements_for_products_and_services?}}
Recorded conformities:
{{form.Record_conformities_for_determination_of_requirements_for_product_and_services}}
Recorded nonconformities:
{{form.Record_nonconformities_for_determination_of_requirements_for_product_and_services
_2}}
Suggestions:
{{form.Suggestions_for_determination_of_requirements_for_product_and_services}}
Any nonconformities?:
{{form.Nonconformity_with_design_and_development_of_products_and_services?}}
Recorded conformities:
{{form.Record_conformities_for_design_and_development_of_products_and_services}}
Recorded nonconformities:
{{form.Record_nonconformities_for_design_and_development_of_products_and_services_2}}
Suggestions: {{form.Suggestions_for_design_and_development_of_products_and_services}}
Recorded nonconformities:
{{form.Record_nonconformities_for_design_and_development_inputs_2}}
Suggestions: {{form.Suggestions_for_design_and_development_inputs}}
Recorded nonconformities:
{{form.Record_nonconformities_for_design_and_development_controls_2}}
Suggestions: {{form.Suggestions_for_design_and_development_controls}}
Recorded nonconformities:
{{form.Record_nonconformities_for_design_and_development_outputs_2}}
Suggestions: {{form.Suggestions_for_design_and_development_outputs}}
Recorded nonconformities:
{{form.Record_nonconformities_for_design_and_development_changes_2}}
Suggestions: {{form.Suggestions_for_design_and_development_changes}}
Any nonconformities?:
{{form.Nonconformity_with_control_of_externally_provided_products_and_services?}}
Recorded conformities:
{{form.Record_conformities_for_control_of_externally_provided_products_and_services}}
Recorded nonconformities:
{{form.Record_nonconformities_for_control_of_externally_provided_products_and_services_2
}}
Suggestions: {{form.Suggestions_for_control_of_externally_provided_products_and_services}}
Recorded nonconformities:
{{form.Record_nonconformities_for_type_and_extent_of_control_2}}
Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}
Recorded nonconformities:
{{form.Record_nonconformities_for_information_for_external_providers_2}}
Suggestions: {{form.Suggestions_for_information_for_external_providers}}
Any nonconformities?:
{{form.Nonconformity_with_control_of_production_and_service_provision?}}
Recorded conformities:
{{form.Record_conformities_for_control_of_production_and_service_provision}}
Recorded nonconformities:
{{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}
Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}
Recorded nonconformities:
{{form.Record_nonconformities_for_type_and_extent_of_control_2}}
Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}
Recorded nonconformities:
{{form.Record_nonconformities_for_information_for_external_providers_2}}
Suggestions: {{form.Suggestions_for_information_for_external_providers}}
Any nonconformities?:
{{form.Nonconformity_with_control_of_production_and_service_provision?}}
Recorded conformities:
{{form.Record_conformities_for_control_of_production_and_service_provision}}
Recorded nonconformities:
{{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}
Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}
Recorded conformities:
{{form.Record_conformities_for_identification_and_traceability_of_production_control}}
Recorded nonconformities:
{{form.Record_nonconformities_for_identification_and_traceability_of_production_control_2}}
Suggestions: {{form.Suggestions_for_identification_and_traceability_of_production_control}}
Any nonconformities?:
{{form.Nonconformity_with_control_of_external_provider/customer_property?}}
Recorded conformities:
{{form.Record_conformities_for_control_of_external_provider/customer_property}}
Recorded nonconformities:
{{form.Record_nonconformities_for_control_of_external_provider/customer_property_2}}
Suggestions: {{form.Suggestions_for_control_of_external_provider/customer_property}}
Preservation procedures
Information: {{form.Preservation_procedures_information}}
Suggestions: {{form.Suggestions_for_preservation_procedures}}
Post-delivery activities
Information: {{form.Post-delivery_activities_information}}
Suggestions: {{form.Suggestions_for_post-delivery_activities}}
Control of changes
Information: {{form.Control_of_changes_information}}
Suggestions: {{form.Suggestions_for_control_of_changes}}
Recorded nonconformities:
{{form.Record_nonconformities_for_release_of_products_and_services_2}}
Suggestions: {{form.Suggestions_for_release_of_products_and_services}}
Recorded nonconformities:
{{form.Record_nonconformities_for_control_of_nonconforming_outputs_2}}
Suggestions: {{form.Suggestions_for_control_of_nonconforming_outputs}}
Performance evaluation
Recorded nonconformities:
{{form.Record_nonconformities_for_QMS_performance_evaluation_2}}
Suggestions: {{form.Suggestions_for_QMS_performance_evaluation}}
Customer satisfaction
Information: {{form.Customer_satisfaction_information}}
Suggestions: {{form.Suggestions_for_customer_satisfaction}}
Any nonconformities?:
{{form.Nonconformity_with_performance_analysis_and_evaluation_of_procedures?}}
Recorded conformities:
{{form.Record_conformities_for_performance_analysis_and_evaluation_of_procedures}}
Recorded nonconformities:
{{form.Record_nonconformities_for_performance_analysis_and_evaluation_of_procedures_2}}
Suggestions: {{form.Suggestions_for_performance_analysis_and_evaluation_of_procedures}}
Suggestions: {{form.Suggestions_for_internal_audit_procedures}}
Recorded nonconformities:
{{form.Record_nonconformities_for_management_review_procedures_2}}
Suggestions: {{form.Suggestions_for_management_review_procedures}}
Improvement
Any nonconformities?:
{{form.Nonconformity_with_procedures_for_nonconformity_and_corrective_action?}}
Recorded conformities:
{{form.Record_conformities_for_procedures_for_nonconformity_and_corrective_action}}
Recorded nonconformities:
{{form.Record_nonconformities_for_procedures_for_nonconformity_and_corrective_action_2}
}
Suggestions: {{form.Suggestions_for_procedures_for_nonconformity_and_corrective_action}}
Any nonconformities?:
{{form.Nonconformity_with_procedures_for_continuous_improvement?}}
Recorded conformities:
{{form.Record_conformities_for_continuous_improvement_procedures}}
Recorded nonconformities:
{{form.Record_nonconformities_for_continuous_improvement_procedures_2}}
Suggestions: {{form.Suggestions_for_continuous_improvement_procedures}}
Additional recommendations
Unresolved issues
Closing the audit:
Audit reports should be issued within 24 hours of the audit to ensure the auditee is given
opportunity to take corrective action in a timely, thorough fashion
If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do"
pile, and much of the momentum of the audit, including discussions of findings and feedback
from the auditor, will have faded.
This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been
evaluated against criteria.
The audit report is the final record of the audit; the high-level document that clearly outlines a
complete, concise, clear record of everything of note that happened during the audit.
Use the sub-checklist below to check off important items included within the audit report:
1
2
3
4
5
6
7
9
Audit conclusions
10
11
As stressed in the previous task, that the audit report is distributed in a timely manner is one of
the most important aspects of the entire audit process.
Use the email widget below to quickly and easily distribute the audit report to all relevant
interested parties.
Depending on the outcome of the audit, there may be a need for follow-up action.
In any case, recommendations for follow-up action should be prepared ahead of the closing
meetingand shared accordingly with relevant interested parties.
Follow-up actions
Prepare for closing meeting
Before the closing meeting, the audit team should make adequate preparations.
Make sure the following items are resolved ahead of the closing meeting:
1
2
3
4
Just like the opening meeting, it's a great idea to conduct a closing meeting to orient everyone
with the proceedings and outcome of the audit, and provide a firm resolution to the whole
process.
The main point of the closing meeting should be to present audit findings and conclusions.
Lead auditors should be responsible for presenting audit findings and conclusions.
You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant
interested parties are in attendance at the closing meeting:
1
Auditee management
2
3
4
5
6
1
If applicable, first addressing any special occurrences or situations that might have
impacted the reliability of audit conclusions
2
Making sure all present are familiar with or have access to the complete audit report
3
4
5
6
For more formal audits, minutes and records of attendance can be kept.
For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit
findings and audit conclusions.
In any case, during the course of the closing meeting, the following should be clearly
communicated to the auditee:
1
That audit evidence is based on sample information, and therefore cannot be fully
representative of the overall effectiveness of the processes being audited
2
3
4
5
6
7
The audit is to be considered formally complete when all planned activities and tasks have
been completed, and any recommendations or future actions have been agreed upon with
the audit client.
All information documented during the course of the audit should be retained or disposed of,
depending on:
However, it may sometimes be a legal requirement that certain information be disclosed. Should
that be the case, the auditee/audit client must be informed as soon as possible.
Introduction:
ISO 45001 defines the requirements for an occupational health and safety (OHS)
management system.
The purpose of the standard is to enable organizations to implement a management system that
facilitates continuous improvement of OHS performance, in the interest of preventing injury and
ill-health.
Organizations of all sizes and types can use ISO 45001; the standard will enable improvement
of performance by:
This checklist is designed as a supplement, and is not intended to replace ISO 45001.
For best results, users are encouraged to edit the checklist and modify the contents to best suit
their use cases, as it cannot provide specific guidance on the particular risks and controls
applicable to every situation.
Typically, management system auditors will prepare custom checklists that reflect the specific
scope, scale, and objectives of the operational health and safety management system being
audited.
Before beginning preparations for the audit, enter some basic details about the operational
health and safety management system (OHSMS) audit using the form fields below.
Auditee
For example, if management is running this checklist, they may wish to assign the lead internal
auditor after completing the basic audit details.
Preparing for the audit:
In order to understand the context of the audit, the audit programme manager should take into
account the auditee’s:
1
2
3
4
The audit programme manager needs to establish objectives of the OHSMS audit.
Individual audit objectives need to be consistent with the context of the auditee, including the
following factors:
1
2
3
4
Suitability of the OHSMS with respect to overall strategic context and business
objectives of the auditee
Audit objectives
Establish scope of the OHSMS audit
Consider the following factors, and define the audit scope in the form field below:
1
Audit location
2
Audit function
3
Audit activities
4
Processes to be audited
5
Audit time-frame
Audit scope
Establish criteria of the OHSMS audit
For individual audits, criteria should be defined to be used as a reference against which
conformity will be determined.
1
Relevant policies
2
4
5
6
7
Audit criteria
Ensure OHSMS audit monitoring systems are in place
Audit programme managers should also make sure that tools and systems are in place to
ensure adequate monitoring of the audit and all relevant activities.
1
Timeliness of the audit (whether deadlines and schedules are being met)
2
3
4
5
1
2
Audit complexity
3
4
Audit methods
5
Ability of the audit team to work and interact effectively with the auditee
6
7
Type and complexity of processes to be audited (do they require specialized knowledge?)
Use the various fields below to assign audit team members.
Audit programme managers should be responsible for assigning the audit team leader.
This should be done well ahead of the scheduled date of the audit, to be sure that planning can
take place in a timely manner.
A dynamic due date has been set for this task, for one month before the scheduled start date of
the audit.
Use the form fields below to record the details of the lead auditor.
The lead auditor should obtain and review all documentation of the auditee's management
system.
This will help to prepare for individual audit activities, and will serve as a high-level overview
from which the lead auditor will be able to better identify and understand areas of concern or
nonconformity.
Reference material, such as individual ISO standards, will be useful at this point.
Using the form fields below, record any issues of nonconformities observed.
Using the form fields below, describe the issue(s) with documented information so far, and
the steps taken to resolve the issue(s).
The lead auditor should prepare an audit plan for the individual audit.
1
2
3
4
5
6
7
8
You can use Process Street's task assignment feature to assign specific tasks in this checklist to
individual members of your audit team.
Initiating the audit:
The lead auditor should make contact with the auditee and ensure the following:
1
Basic introduction and clear outline of lead auditor roles and responsibilities
2
3
4
5
6
7
Determine if there are any additional regulatory requirements that will impact audit
activities
8
9
10
11
12
Risk areas of note are communicated
13
For example, the dates of the opening and closing meetings should be provisionally declared for
planning purposes.
An opening meeting between the auditee and all relevant parties should be held.
It's advised that the opening meeting should be led by the lead auditor.
The scheduling for this meeting should have already been determined earlier in the checklist.
During the opening meeting, confirm the following with all relevant parties:
1
2
3
4
5
6
7
That all planned activities can be performed, and proper authorization is acquired
8
Language of the audit
9
10
11
This meeting is a great opportunity to ask any questions about the audit process and generally
clear the air of uncertainties or reservations.
Depending on the size and scope of the audit (and as such the organization being audited) the
opening meeting might be as simple as announcing that the audit is starting, with a simple
explanation of the nature of the audit.
Familiarity of the auditee with the audit process is also an important factor in determining how
extensive the opening meeting should be.
During the opening meeting, the following items should be clearly communicated:
1
2
3
4
Procedures for receiving feedback from the auditee in response to findings during the
audit
Ensure relevant audit information is accessible
Where, when, and how information is accessible is a crucial factor during the audit.
It's important to make clear where all relevant interested parties can find important audit
information.
Make sure important information is readily accessible by recording the location in the form
fields of this task.
You may want to consider uploading important information to a secure central repository (URL)
that can be easily shared to relevant interested parties.
Understanding the context of the organization is necessary when developing a OHSMS in order
to identify, analyze, and understand the business environment in which the organization conducts
its business and realizes its product.
Record information pertaining to the organization and its context in the form fields below.
The scope of the operational health and safety management system is basically a description of
the processes, procedures, services, and products that the OHSMS applies to.
Provide a record of evidence gathered relating to the OHS management system scope in the
form fields below.
Provide a record of evidence gathered relating to the OHSMS policy in the form fields
below.
Provide a record of evidence gathered relating to the consultation and participation of the
workers of the OHSMS using the form fields below.
Record nonconformities for actions to address and identify OHSMS hazards information
Provide a record of evidence gathered relating to the determination of legal and other
requirements in the OHSMS using the form fields below.
Provide a record of evidence gathered relating to the OHSMS planning action using the
form fields below.
Provide a record of evidence gathered relating to the OHSMS objectives using the form
fields below.
Provide a record of evidence gathered relating to the OHSMS resources in the form fields
below.
Provide a record of evidence gathered relating to the OHSMS competence in the form fields
below.
Provide a record of evidence gathered relating to the OHSMS awareness in the form fields
below.
Provide a record of evidence gathered relating to operational planning and control of the
OHSMS in the form fields below.
Provide a record of evidence gathered relating to procedures for eliminating hazards and
risks in the OHSMS using the form fields below.
Record nonconformities for procedures for eliminating OHSMS hazards and risks
Provide a record of evidence gathered relating to procurement in the OHSMS using the
form fields below.
Provide a record of evidence gathered relating to systems for monitoring and measuring
performance in the OHSMS using the form fields below.
Systems for monitoring and measuring OHSMS performance information
Record nonconformities for systems for monitoring and measuring OHSMS performance
Record nonconformities for OHSMS incident, nonconformity, and corrective action procedures
Conformities: {{form.Record_conformities_for_organization_and_its_context}}
Nonconformities: {{form.Record_nonconformities_for_organization_and_its_context}}
Suggestions: {{form.Suggestions_for_organization_and_its_context}}
Any nonconformities?:
{{form.Nonconformity_with_needs_and_expectations_of_interested_parties?}}
Conformities:
{{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}
Nonconformities:
{{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties}}
Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}
OHSMS scope
Information: {{form.OHSMS_scope_information}}
Conformities: {{form.Record_conformities_for_OHSMS_scope}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_scope}}
Suggestions: {{form.Suggestions_for_OHSMS_scope}}
Leadership
OHSMS leadership
Information: {{form.OHSMS_leadership_information}}
Conformities: {{form.Record_conformities_for_OHSMS_leadership}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_leadership}}
Suggestions: {{form.Suggestions_for_OHSMS_leadership}}
OHSMS policy
Information: {{form.OHSMS_policy_information}}
Conformities: {{form.Record_conformities_for_OHSMS_policy}}
Nonconformities: {{form.Record_nonconformities_for_OHSMSpolicy}}
Suggestions: {{form.Suggestions_for_OHSMS_policy}}
Conformities: {{form.Record_conformities_for_OHSMS_roles_and_responsibilities}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_roles_and_responsibilities}}
Suggestions: {{form.Suggestions_for_OHSMS_roles_and_responsibilities}}
Conformities: {{form.Record_conformities_for_consultation_and_participation_of_workers}}
Nonconformities:
{{form.Record_nonconformities_for_consultation_and_participation_of_workers}}
Suggestions: {{form.Suggestions_for_consultation_and_participation_of_workers}}
Planning
Any nonconformities?:
{{form.Nonconformity_with_documentation_of_OHSMS_risks_and_opportunities?}}
Conformities: {{form.Record_conformities_for_OHSMS_risks_and_opportunities}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_risks_and_opportunities}}
Suggestions: {{form.Suggestions_for_OHSMS_risks_and_opportunities}}
Any nonconformities?:
{{form.Nonconformity_with_actions_to_address_and_identify_OHSMS_hazards_information?}
}
Conformities:
{{form.Record_conformities_for_actions_to_address_and_identify_OHSMS_hazards_informati
on}}
Nonconformities:
{{form.Record_nonconformities_for_actions_to_address_and_identify_OHSMS_hazards_infor
mation}}
Suggestions:
{{form.Suggestions_for_actions_to_address_and_identify_OHSMS_hazards_information}}
Any nonconformities?:
{{form.Nonconformity_with_determination_of_OHSMS_legal/other_requirements?}}
Conformities:
{{form.Record_conformities_for_determination_of_OHSMS_legal/other_requirements}}
Nonconformities:
{{form.Record_nonconformities_for_determination_of_OHSMS_legal/other_requirements}}
Suggestions: {{form.Suggestions_for_determination_of_OHSMS_legal/other_requirements}}
Conformities: {{form.Record_conformities_for_OHSMS_planning_action}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_planning_action}}
Suggestions: {{form.Suggestions_for_OHSMS_planning_action}}
OHSMS objectives
Information: {{form.OHSMS_objectives_information}}
Conformities: {{form.Record_conformities_for_OHSMS_objectives}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_objectives}}
Suggestions: {{form.Suggestions_for_OHSMS_objectives}}
Support
OHSMS resources
Information: {{form.OHSMS_resources_information}}
Conformities: {{form.Record_conformities_for_OHSMS_resources}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_resources}}
Suggestions: {{form.Suggestions_for_OHSMS_resources}}
OHSMS competence
Information: {{form.OHSMS_competence_information}}
Conformities: {{form.Record_conformities_for_OHSMS_competence}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_competence}}
Suggestions: {{form.Suggestions_for_OHSMS_competence}}
OHSMS awareness
Information: {{form.OHSMS_awareness_information}}
Conformities: {{form.Record_conformities_for_OHSMS_awareness}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_awareness}}
Suggestions: {{form.Suggestions_for_OHSMS_awareness}}
Conformities: {{form.Record_conformities_for_OHSMS_communication_procedures}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_communication_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_communication_procedures}}
OHSMS documented information
Information: {{form.OHSMS_documented_information_notes}}
Conformities: {{form.Record_conformities_for_OHSMS_documented_information}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_documented_information}}
Suggestions: {{form.Suggestions_for_OHSMS_documented_information}}
Operation
Conformities: {{form.Record_conformities_for_OHSMS_planning_and_control}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_planning_and_control}}
Suggestions: {{form.Suggestions_for_OHSMS_planning_and_control}}
Any nonconformities?:
{{form.Nonconformity_with_procedures_for_eliminating_OHSMS_hazards_and_risks?}}
Conformities:
{{form.Record_conformities_for_procedures_for_eliminating_OHSMS_hazards_and_risks}}
Nonconformities:
{{form.Record_nonconformities_for_procedures_for_eliminating_OHSMS_hazards_and_risks}
}
Suggestions:
{{form.Suggestions_for_procedures_for_eliminating_OHSMS_hazards_and_risks}}
Any nonconformities?:
{{form.Nonconformity_with_procedures_for_management_of_OHSMS_change?}}
Conformities:
{{form.Record_conformities_for_procedures_for_management_of_OHSMS_change}}
Nonconformities:
{{form.Record_nonconformities_for_procedures_for_management_of_OHSMS_change}}
Suggestions: {{form.Suggestions_for_procedures_for_management_of_OHSMS_change}}
OHSMS procurement
Information: {{form.OHSMS_procurement_information}}
Conformities: {{form.Record_conformities_for_OHSMS_procurement}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_procurement}}
Suggestions: {{form.Suggestions_for_OHSMS_procurement}}
Any nonconformities?:
{{form.Nonconformity_with_OHSMS_emergency_preparedness_and_response?}}
Conformities:
{{form.Record_conformities_for_OHSMS_emergency_preparation_and_response}}
Nonconformities:
{{form.Record_nonconformities_for_OHSMS_emergency_preparation_and_response}}
Suggestions: {{form.Suggestions_for_OHSMS_emergency_preparation_and_response}}
Performance evaluation
Any nonconformities?:
{{form.Nonconformity_with_systems_for_monitoring_and_measuring_OHSMS_performance?}
}
Conformities:
{{form.Record_conformities_for_systems_for_monitoring_and_measuring_OHSMS_performan
ce}}
Nonconformities:
{{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_OHSMS_perfor
mance}}
Suggestions:
{{form.Suggestions_for_systems_for_monitoring_and_measuring_OHSMS_performance}}
Conformities: {{form.Record_conformities_for_evaluation_of_OHSMS_compliance}}
Nonconformities: {{form.Record_nonconformities_for_evaluation_of_OHSMS_compliance}}
Suggestions: {{form.Suggestions_for_evaluation_of_OHSMS_compliance}}
Conformities: {{form.Record_conformities_for_OHSMS_internal_audit_procedures}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_internal_audit_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_internal_audit_procedures}}
Any nonconformities?:
{{form.Nonconformity_with_OHSMS_management_review_procedures?}}
Conformities: {{form.Record_conformities_for_OHSMS_management_review_procedures}}
Nonconformities:
{{form.Record_nonconformities_for_OHSMS_management_review_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_management_review_procedures}}
Improvement
Any nonconformities?:
{{form.Nonconformity_with_OHSMS_incident,_nonconformity,_and_corrective_action_proced
ures?}}
Conformities:
{{form.Record_conformities_for_OHSMS_incident,_nonconformity,_and_corrective_action_pr
ocedures}}
Nonconformities:
{{form.Record_nonconformities_for_OHSMS_incident,_nonconformity,_and_corrective_action
_procedures}}
Suggestions:
{{form.Suggestions_for_OHSMS_incident,_nonconformity,_and_corrective_action_procedures
}}
Any nonconformities?:
{{form.Nonconformity_with_OHSMS_continuous_improvement_procedures?}}
Conformities:
{{form.Record_conformities_for_OHSMS_continuous_improvement_procedures}}
Nonconformities:
{{form.Record_nonconformities_for_OHSMS_continuous_improvement_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_continuous_improvement_procedures}}
Closing the audit:
Audit reports should be issued within 24 hours of the audit to ensure the auditee is given
opportunity to take corrective action in a timely, thorough fashion
If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do"
pile, and much of the momentum of the audit, including discussions of findings and feedback
from the auditor, will have faded.
This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been
evaluated against criteria.
The audit report is the final record of the audit; the high-level document that clearly outlines a
complete, concise, clear record of everything of note that happened during the audit.
Use the sub-checklist below to check off important items included within the audit report:
1
2
3
4
5
6
7
8
Audit conclusions
10
11
As stressed in the previous task, that the audit report is distributed in a timely manner is one of
the most important aspects of the entire audit process.
Use the email widget below to quickly and easily distribute the audit report to all relevant
interested parties.
Depending on the outcome of the audit, there may be a need for follow-up action.
As part of the follow-up actions, the auditee will be responsible for keeping the audit team
informed of any relevant activities undertaken within the agreed time-frame. The completion and
effectiveness of these actions will need to be verified - this may be part of a subsequent audit.
In any case, recommendations for follow-up action should be prepared ahead of the closing
meetingand shared accordingly with relevant interested parties.
Follow-up actions
Prepare for closing meeting
Before the closing meeting, the audit team should make adequate preparations.
Make sure the following items are resolved ahead of the closing meeting:
1
2
3
4
Just like the opening meeting, it's a great idea to conduct a closing meeting to orient everyone
with the proceedings and outcome of the audit, and provide a firm resolution to the whole
process.
The main point of the closing meeting should be to present audit findings and conclusions.
Lead auditors should be responsible for presenting audit findings and conclusions.
You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant
interested parties are in attendance at the closing meeting:
1
Auditee management
2
4
5
6
1
If applicable, first addressing any special occurrences or situations that might have
impacted the reliability of audit conclusions
2
Making sure all present are familiar with or have access to the complete audit report
3
4
5
6
For more formal audits, minutes and records of attendance can be kept.
For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit
findings and audit conclusions.
In any case, during the course of the closing meeting, the following should be clearly
communicated to the auditee:
1
That audit evidence is based on sample information, and therefore cannot be fully
representative of the overall effectiveness of the processes being audited
2
3
4
5
6
7
The audit is to be considered formally complete when all planned activities and tasks have
been completed, and any recommendations or future actions have been agreed upon with
the audit client.
All information documented during the course of the audit should be retained or disposed of,
depending on:
However, it may sometimes be a legal requirement that certain information be disclosed. Should
that be the case, the auditee/audit client must be informed as soon as possible.
Introduction:
This template is designed to be used to perform a self-audit in accordance with requirements
of ISO 14001:2015 for environmental management systems (EMS).
Requirements are presented in the form of tasks with form fields to record various information
about the status of each of the 10 high level clauses as outlined in the Annex SL standard for
management systems:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
These clauses are then further broken down into the Plan, Do, Check, or Act segments of
the PDCA cycle.
This checklist can be used as an effective tool for implementing the environmental management
system and for self-assessment of the system.
Self-auditing can help to define a high-level overview of an organization's performance, and
determine the effectiveness (or not) of its various management systems.
What's more, it can help to identify problem areas and successfully apply principles of
continuous improvement.
Self-auditing is best used as a tool to discover the potential opportunities for innovation and
continuous improvement; it is not a replacement for a 3rd party CB (Certified Body) audit and
will not necessarily result in an ISO certification.
This checklist was designed to factor in repeat audits, so that continuous improvement principles
could be applied over the course of multiple audits, with each successive audit contributing to the
inputs of the next.
The framework outlined in this checklist can be used as is, or edited and customized to suit your
specific needs.
In order to maximise the success of the organization, consider the following audit guidelines:
Additional resources
For more ISO-related templates for various management systems (quality management,
environmental management, etc.) we have the following resources available for you to use:
With Process Street, you can quickly and easily create, edit and deploy your processes.
Using the form fields below, record some basic details about the audit, including details of
who is to perform the audit, reasoning for the audit, audit start date, and any additional notes.
Using the form fields below, record your assessment of the EMS scope.
Scope of EMS
Using the form fields below, record your assessment of the environmental policy.
Using the form fields below, record your assessment of the environmental aspects of
planning.
Consider whether the organization has established, implemented and maintained a procedure to
identify the environmental aspects of activities, products or services that are within the scope of
its EMS.
1
2
1
Documentation
2
Communication
3
4
Using the form fields below, record your assessment of legal and regulatory requirements.
Consider whether a procedure been established and implemented to identify and have access to
applicable legal and other requirements (eg. National Packaging Covenant, Greenhouse
Challenge) which the organization subscribes to that are directly applicable to the identified
environmental aspects.
Using the form fields below, record your assessment of environmental objectives, targets,
and strategies.
Consider whether the organization has established, implemented and maintained documented
environmental objectives and targets.
1
Environmental policy
2
3
Prevention of pollution
4
Continuous improvement
Also assess the following:
Do:
Using the form fields below, record your assessment of resources, roles, responsibility, and
authority.
How are roles, responsibility and authorities defined, documented and communicated?
1
Human resources
2
Specialised skills?
3
Organizational infrastructure
4
Technology
5
Financial resources
Has a specific management representative for the EMS been
assigned?
Assess whether the roles of the EMS representative include the defined roles, responsibilities and
authority for:
1
2
Using the form fields below, record details of your assessment of employee competence,
training, and awareness.
1
The importance of conformity with the environmental policy and procedures and with the
requirements of the environmental management system
2
The significant environmental aspects and related actual or potential impacts associated
with their work activities and the environmental benefits of improved personal
performance
3
Their roles and responsibilities in achieving conformity with the requirements of the
environmental management
4
Using the form fields below, record your assessment of communication of and within the
context of the EMS.
Firstly, as relevant to the EMS, has the organization established, implemented and maintained
procedure(s) for:
1
Internal communication between the various levels and functions of your organization
2
Using the form fields below, record your assessment of documentation systems.
To begin with, consider how the organization’s environmental management system documents
the following:
1
2
3
4
5
Documents, including records, necessary for the effective planning, operation and control
of processes related to its significant aspects
Using the form fields below, record your assessment of control of documents in the EMS.
1
Who approves the documents for adequacy before they are issued
2
3
How current versions of relevant documents are made available at points of use
5
6
How external documents, as determined by the organization for effective planning and
operation of the environmental management system are identified and controlled
7
How to prevent obsolete documents against unintended use, and apply suitable
identification to them if they are retained for any purpose
Using the form fields below, record your assessment of operational control.
How are operations identified and planned in the context of the EMS?
Consider how operational activities are planned in order to ensure that they are carried out under
specified conditions such as:
1
2
3
Using the form fields below, record your assessment of emergency preparedness and
response.
Consider how the organization has established, implemented and maintained a procedure(s) to
identify the potential emergency situations and potential accidents that can have an impact on the
environment
Using the form fields below, record your assessment of monitoring and measurements.
1
Performance
2
Relevant operational controls
3
Comments on compliance
Assess non-conformity, corrective, and preventative action
Using the form fields below, record your assessment of non-conformity, corrective, and
preventative action.
Consider whether the organization has established, implemented and maintained a procedure(s)
for the following:
1
2
1
Identifying and correcting non-conformities and taking action to mitigate the resulting
environmental impacts
2
Investigating the non-conformities, determining their causes and take action to avoid their
recurrence
3
4
5
How are changes such as corrective and preventative action documented in the EMS?
Using the form fields below, record your assessment of control of records.
1
2
Communication
3
4
5
6
Internal audits
7
Management review
Are the records legible, identifiable and traceable?
Using the form fields below, record your assessment of the procedure for conducting an
internal audit.
1
Conforms to planned arrangements for environmental management including the
requirements of this standard
2
1
(a) the responsibilities and requirements for planning and conducting audits, reporting
results and retention of associated records?
2
Using the form fields below, record your assessment of management review.
1
Results from internal audits and evaluations of compliance with legal and other
requirements
2
3
4
The extent to which the objectives and targets have been met
5
6
7
Use the file upload or website link form field below to attach or link to a more comprehensive set
of recommendations, if applicable.
Recommendations summary
Full recommendations file upload
File will be uploaded here
See results of the audit
Commencing: {{form.Start_date}}
Scope
EMS scope:
Scope of EMS: {{form.Scope_of_EMS}}
Environmental policy
Definition of environmental policy:
Policy consistent with EMS scope: {{form.Policy_consistent_with_EMS_scope?}}
Plan
Environmental aspects of planning:
Inclusive of planned or new developments:
{{form.Inclusive_of_planned_or_new_developments?}}
Person responsible for identifying and determining impact of regulatory requirements competent:
{{form.Person_responsible_for_identifying_and_determining_impact_of_regulatory_requiremen
ts_competent?}}
Have these been established at relevant functions and levels within the organization:
{{form.Have_these_been_established_at_relevant_functions_and_levels_within_the_organizatio
n?}}
How does the organization ensure that strategies are updated as a result of new developments:
{{form.How_does_the_organization_ensure_that_strategies_are_updated_as_a_result_of_new_d
evelopments?}}
Do
Resources, roles, responsibility, and authority:
How are roles, responsibility and authorities defined, documented and communicated:
{{form.How_are_roles,_responsibility_and_authorities_defined,_documented_and_communicat
ed?}}
How does the organization identify training requirements for the EMS:
{{form.How_does_the_organization_identify_training_requirements_for_the_EMS?}}
Communication:
Are environmental aspects communicated externally:
{{form.Are_environmental_aspects_communicated_externally?}}
Documentation systems:
How is the documentation system maintained:
{{form.How_is_the_documentation_system_maintained?}}
Control of documents:
Is there a standardized procedure for controlling all documents in the EMS:
{{form.Is_there_a_standardized_procedure_for_controlling_all_documents_in_the_EMS?}}
Operational control:
How are operations identified and planned in the context of the EMS:
{{form.How_are_operations_identified_and_planned_in_the_context_of_the_EMS?}}
Are environmental aspects considered in the emergency preparedness and response procedure(s):
{{form.Are_environmental_aspects_considered_in_the_emergency_preparedness_and_response
_procedure(s)?}}
Does the procedure(s) cover how the organization will respond to these situations:
{{form.Does_the_procedure(s)_cover_how_the_organization_will_respond_to_these_situations?
}}
How do these procedures account for adverse environmental impacts of emergency situations:
{{form.How_do_these_procedures_account_for_adverse_environmental_impacts_of_emergency
_situations?}}
How are emergency preparedness and response procedures reviewed:
{{form.How_are_emergency_preparedness_and_response_procedures_reviewed?}}
Check/Study
Monitoring and measurements:
Is there a procedure(s) to monitor and measure environmental impacts:
{{form.Is_there_a_procedure(s)_to_monitor_and_measure_environmental_impacts?}}
Compliance:
Does the organization have a procedure(s) for compliance evaluation:
{{form.Does_the_organization_have_a_procedure(s)_for_compliance_evaluation?}}
How are decisions made regarding action taken to eliminate causes of non-conformity, etc:
{{form.How_are_decisions_made_regarding_action_taken_to_eliminate_causes_of_non-
conformity,_etc?}}
How are changes such as corrective and preventative action documented in the EMS:
{{form.How_are_changes_such_as_corrective_and_preventative_action_documented_in_the_E
MS?}}
Control of records:
Is there a standardized process for updating environmental records:
{{form.Is_there_a_standardized_process_for_updating_environmental_records?}}
How does the organization provide information on the results of audits to management:
{{form.How_does_the_organization_provide_information_on_the_results_of_audits_to_manage
ment?}}
Act
Management review:
Is the EMS regularly reviewed by management:
{{form.Is_the_EMS_regularly_reviewed_by_management?}}
Does the review include assessing opportunities for improvement:
{{form.Does_the_review_include_assessing_opportunities_for_improvement?}}
Audit overview:
Describe the maturity level of the organization:
{{form.Describe_the_maturity_level_of_the_organization}}
Introduction:
As competition increases and alongside higher environmental awareness, more and more
organizations are choosing to implement both ISO 9001 and ISO 14001 standards together in
a single, unified integrated management system.
It should come as no surprise, as both standards share many similarities, both being based on
the Annex SL management system standard.
Both quality management systems and environmental management systems are highly
synergistic with one another.
The need for implementing both an EMS and QMS together in a single IMS has existed for a
long time, and the trend is only growing. The best solution for this is to take them both on in one
fell swoop, in the form of an integrated management system.
This checklist is designed to help you integrate your existing EMS and QMS policies and
procedures, and consolidate two separate manuals into one.
By implementing both standards together into a single reference point, you will save yourself
time and money by not having to do twice the work to update two separate management
systems.
It will also allow you to align the environmental objectives with quality policies, and achieve
further synergy between the two systems in service of your overarching business goals.
How and where to start implementing a singular integrated management system will be different
for each company, but this checklist should offer you a firm starting point and get the ball
rolling, providing you with actionable steps towards a complete IMS.
First of all, record some basic details about the checklist, and who's running it.
This will be useful as part of the documentation of your EMS in the future.
This plan needs to include precisely defined activities, resources, responsibilities and deadlines.
Doing this enables the company to clearly identify what needs to be done, how long it will take,
what resources are needed, and who will do it in the best way.
A good plan will facilitate the integration and allow some of the tasks to be
performed simultaneously, decreasing the time needed for the implementation project.
Using the form fields below, record the project plan outline, and upload a full project plan
document if applicable.
To set a firm foundation for the system, the company must first determine the scope of the
management system by defining what locations and processes the system applies to.
Having separate systems for ISO 9001, ISO 14001 and ISO 45001 allows having separate
scopes, which can be convenient in some cases but, for most companies, the scope will be the
same.
The scope is usually the entire company, or it could be only some of the processes and locations.
All standards require the scope to be documented (see here for a free preview of Scope of the
Integrated Management System); the only difference is that ISO 9001 allows organizations to
determine what requirements of the standard are not applicable to the organization, and can
therefore be excluded from the scope of the IMS.
This is only applicable if the exclusion does not affect the company’s ability to ensure
conformity of products and services, or the enhancement of customer satisfaction, and
justification must
be given for any exclusions.
This will essentially require you to establish and compare the scope of both EMS and QMS, and
determine where overlap exists.
Using the form fields in this task, record the scope of both EMS and QMS separately.
EMS scope
QMS scope
Determine common ground
The next step is to identify all of the common requirements from the three standards, and this is
not a short list.
Basically, clauses 4, 5, 7, 9 and 10 are almost the same, with some small differences.
There are quite a lot of common requirements that, with minor adaptations, can be met through a
single process or document.
Use the sub-checklist below to run through each of the clauses, and detail how the integrated
requirements for each will be met in the form fields of this task.
1
2
3
Leadership
4
Policies
5
Risks
6
Opportunities
7
Environmental aspects
8
Compliance
9
This is the core of the standard, the Do phase, and here the integration brings the highest
benefits.
If the company has integrated ISO 9001 and ISO 14001 systems, operational planning and
control will not be conducted separately and will not double the use of resources in some phases.
This facilitates establishment of the systems, but it brings difficulties when performing the
activities.
The people who will be conducting the operational controls for ISO 9001 or ISO 14001 are the
same ones in charge of the processes, and will get instructions from different sources.
For ISO 9001 the instructions will come from process procedures, while ISO 14001 instructions
will come from the procedure for operational controls of the environmental aspects.
This can be confusing, and may lead to contradiction in the instructions to the employees. And,
by coordinating the employees from different sources, it may lead to unnecessary activities or
doubled activities just because the two procedures refer to the same process.
That is why it is important to include the requirements of both standards when developing a
procedure for a single process.
When fulfilling the following requirements for ISO 9001 operational control, it is vital
to include requirements for operational controls of significant environmental aspects within
the processes:
1
2
3
Defining resources
4
This will result in having one workflow for the process without risk that something is left out or
the sequence of activities is jeopardized.
Determine whether or not all procedures contain requirements for both ISO 9001 and ISO
14001 with the form field below.
All procedures contain requirements for both ISO 9001 and ISO
14001?
Integrate resource management processes
Resource management can be done in the same way for both ISO 9001 and ISO 14001 and be
compliant with the requirements of both standards, except for one small difference.
ISO 9001 defines additional resource requirements and separates them into several sub-clauses.
Using the sub-checklist below, make sure your resource management procedures have the
following sub-clauses:
1
People
2
Infrastructure
3
4
5
Organizational knowledge
Integrate requirements for competence and awareness
Similarly, requirements for employee competence, training, and awareness are the same, with
one small difference.
The difference is that the EMS refers to environmental requirements, and the QMS to quality
requirements, but they can both be met with the same process.
Considering both quality and environmental requirements can help to improve process
optimization, coordinating employees with an overview of all resources needed and providing
improved coordination of business outputs.
Using the form fields below, record the various quality and environmental competence
requirements.
The requirements are the same for internal communication, with the exception that ISO 14001
additionally requires external communication of the environmental policies and such.
This also means both internal and external communication procedures will need to be
extensively documented.
Using the form fields below, define what will be communicated, when, to whom, and how.
This one is easy; requirements for documenting information is identical in both ISO 9001 and
ISO 14001.
The singular integrated process, then, should define the following aspects of documented
information:
1
Creation
2
Update
3
Distribution
4
Withdrawal
5
Retention
Study/Check:
Define monitoring and measurement requirements
Both ISO 9001 and ISO 14001 require the organization to define what will be monitored and
measured, how, how often, and how the results will be analyzed.
Besides the different perspectives of the standards, the difference is that ISO 9001 has a separate
sub-clause with requirements regarding monitoring and measuring customer satisfaction, while
ISO 14001 has additional requirements for the evaluation of compliance
1
2
The internal audit is the same in terms of how it is conducted for both standards; the difference is
in the clauses and requirements to be audited.
Having one process for internal audits of both standards will facilitate coordination and planning
of the audits; the fact that they are part of the same system doesn’t mean that the ISO 9001 and
ISO 14001 requirements must be audited at the same time, but having one internal audit program
(here you can find the free preview of Internal Audit Program) for both standards will help the
organization to plan the audits better and avoid overlapping of resources
If you don't already have a clearly defined audit process, then check out these checklist
templates for self-auditing both ISO 9001 for quality management, and ISO 14001 for
environmental management:
The appeal of an integrated management system is clear to top management: they will only have
to hold one meeting instead of two.
Management reviews should be performed only once all reports and input elements for both the
QMS and EMS have been gathered in one place.
This way, it will be far easier to make decisions informed by a singular perspective of the IMS
and its performance.
Outline the integrated scope of the management review in the form field below.
Whether quality or environmental, problems like these can be resolved in much the same ways.
Consider this fact when developing the singular integrated procedure for managing
nonconformities and corrective actions for both quality and environmental management systems.
Outline the primary strategies for continuous improvement with the form field below.