Internal Audit Checklist Q1 - IsO 2015 - Final Format

INTERNAL AUDIT CHECKLIST API Spec Q1 9 th and ISO 9001:2015
AUDIT INFO
Facility Facility
Name: Contact:
Criteria:
Scope:
Start Date: End Date:
AUDIT TEAM
Name Title Name Title
PREVIOUS AUDIT FINDINGS

Finding# Description Auditor Comments Open Closed
Page 1 of 30
QUALITY MANAGEMENT SYSTEM REQUIREMENTS

API Spec Q1, Section 4 / ISO 9001:2015, Sections 4.1, 4.2, 5.2, 6.2
In the space provided below, detail the objective evidence (documentation reviewed, records reviewed and personnel interviewed) to
ensure conformance with QMS requirements. Detail any discrepancies / nonconformance identified.
Requirement: Objective Evidence/Comments: Finding Auditee Auditor
QMS Scope:
Organization has established, documented,
implemented and maintained a QMS for all servicing
and products provided for use in the petroleum and
natural gas industry.
The QMS scope considers all requirements, external

and internal issues and requirements of the relevant
interested parties.
Quality Manual
QM addresses the following requirements:
 Scope of the QMS, including exclusions
 Sequence and interaction of the processes
 Processes that require validation
 Reference to documented procedures that control

the QMS
QMS Processes
Organization has determined:
 Process inputs and outputs
 Sequence and interaction of the processes
 Criteria and methods for effective operation and

control of processes (see 4.1.4, Planning)
Organization and Context (ISO 9001, 4.1)

 internal and external issues relevant to purpose,

strategic direction and affect QMS results
Page 2 of 30
Understanding Interested Parties (ISO 9001, 4.2)

 interested parties that are relevant to QMS

 The requirements of those interested parties that are
relevant to the QMS.
Quality Policy
Quality Policy - defined, documented and approved as
required, communicated and meets all requirements identified
in the applicable standard.
Compatible and supports the organization’s strategic vision.

Available to relevant interested parties, as appropriate (ISO
9001, 5.2.2)
Quality Objectives
 Documented and updated, as appropriate
 Approved by Top Management
 Established and communicated at relevant functions and
levels
 Measurable and consistent with the Quality Policy
 KPIs identified for use in Data Analysis
 Took into account applicable requirements
 Relevant to products, services, enhancement of customer
satisfaction and the strategic vision of the organization (ISO
9001, 6.2.1)
QMS Planning
Management has ensured:
 criteria and methods needed for the operation and control

of the QMS are determined, managed and are effective
 planning of the QMS is carried out to meet spec
requirements
Planning to Achieve Quality Objectives (ISO 9001, 6.2.2)
Organization has considered external/internal issues,
requirements of interested parties and identified risk and
opportunities have been considered
Organization has determined the activities, resources,

responsibilities, completion dates and timeframes, and
evaluation methods for achieving the quality objectives
Page 3 of 30
COMMUNICATION PROCESSES
API Spec Q1, Section 4.1.5 / ISO 9001:2015, Section 7.4
Internal and External Communications
Process established for determining requirements for internal
and external communications relating to the QMS.
Internal
Effectiveness of the QMS is communicated.
Processes ensure that the importance of meeting
requirements and analysis of data is communicated at relevant
functions.
External
Appropriate communication with external organizations
including customers to ensure that requirements are
understood.
Communication processes meet applicable requirements of
the standard.
Customer communication
 Information related to products and services
 Handling inquiries, contracts/orders and changes
 Obtaining customer feedback including complaints
 Specific requirements for contingency actions, when
relevant.
Page 4 of 30
MANAGEMENT RESPONSIBILITY / LEADERSHIP

API Spec Q1, Section 4.2, 4.3.1 / ISO 9001:2015, Section 5
Resources and Support
Top management / Organization
 Ensures availability of resources essential to the QMS.
 Ensures that the required resources, including people,
infrastructure and work environment are in place to achieve
product / servicing conformity.
 Ensures integration of the QMS requirements into the
business processes
 Ensures QMS achieves it intended results
 Engages, directs and supports persons to contribute to the
effectiveness of the QMS
 Supports other management roles to demonstrate their
leadership as it applies to areas of responsibility (ISO 9001,
Section 5.1.1)
Responsibility and Authority
Responsibilities, authorities, and accountabilities are defined,
documented, assigned within and communicated throughout
the organization.
Management Representative
Management Representative has been appointed and
maintained by Top Management.
Verify the following:
 Competence, training & awareness for appointment;

 Applicable responsibility and authority granted and includes
all requirements.
Page 5 of 30
API Spec Q1, Section 4.3 / ISO 9001:2015, Sections 7.1, 7.2, 7.3
Resources
Organization:
 Ensures that the required resources, including people,
infrastructure and work environment are in place to achieve
product / servicing conformity.
 Considers capabilities of, and constraints on, existing
internal resources (ISO 9001, 7.1.1)
Personnel Competence
Organization determines the necessary competence for
personnel performing work affecting product quality.
Training and Awareness

Verify that the organization:
 provides for QMS training and job training;
 includes customer-specified and/or customer-provided
training;
 identifies the frequency and content of training;
 ensure personnel are aware of the quality policy
 ensure personnel are aware of the relevance and
importance of their activities and how they contribute to the
achievements of the quality objectives; and
 Maintains appropriate records.
Facility identifies training needs and ensures that personnel

receive adequate training to address competency needs.
Effectiveness of actions are evaluated and maintained (i.e.,

competence evaluation) to ensure requirements are met.
Organizational Knowledge (ISO 9001, 7.1.6)

Verify that the organization:
 Determined the knowledge necessary for operation of
processes to achieve product /servicing conformity
 Knowledge maintained and available
 Process in place for evaluating changes in relation to current

knowledge and determine actions to obtain/upd1ate
necessary knowledge
Page 6 of 30
Personnel Sampled for Competency, Awareness and Training

Training Recorded
Competency Defined / Record
Name Title Finding#:
Evidenced
Work Environment
Organization has determined, provided, and maintained the work
environment, including buildings, workspace and utilities; process
equipment; supporting services and proper conditions needed to
achieve conformity applicable to the manufacture of the product(s).
Page 7 of 30
DOCUMENTATION REQUIREMENTS / DOCUMENTED INFORMATION

API Spec Q1, Section 4.4 / ISO 9001:2015, Section 7.5
Procedures (required by API Spec Q1)
Verify that procedures required by the standard are established, documented, implemented, and maintained for continual suitability.
(Please complete the Identification of QMS Procedures table and identify any nonconformities as applicable)
Mark API Mark
API Spec Q1 with “X” Finding Spec with “X”
Requirement Requirement Finding#
Clause if # Q1 if
available Clause available
Competency and
4.3.2.1 5.7.4 Product Inspection/Test
Training
Customer-supplied
4.4.3 Control of Documents 5.7.5
Property
Use of External
4.4.4 5.7.6 Preservation of Product
Documents
4.5 Control of Records 5.7.7 Inspection & Testing
Review of
5.1.1 5.7.8 Preventive Maintenance
Requirements
Control of Testing,
Risk Assessment &
5.3 5.8 Measuring, & Monitoring
Management
Equipment
5.5 Contingency Planning 5.9 Product Release
Control of Nonconforming
5.6 Purchasing 5.10
Product
Verification of
5.6.3 Purchased Products or 6.2.1 Customer Satisfaction
Activities
5.7.1.1 Control of Production 6.2.2 Internal Audit
5.7.1.2 Control of Servicing 6.3 Analysis of Data
Validation of Processes
5.7.1.5 for Production and 6.4.2 Corrective Action
Servicing
Identification &
5.7.3 6.4.3 Preventive Action
Traceability
Page 8 of 30
CONTROL OF DOCUMENTS
Documents required by the QMS are controlled to ensure that
relevant versions are used and maintained.
Appropriate formats
Information is adequately protected.
External documents are controlled to ensure that relevant

versions are used and maintained.
Obsolete documents are identified / removed to ensure against

unintended use.
Use of External Documents in Product Realization

External documents are integrated into the product realization
process and other processes.
Product and other specific requirements are integrated as
required.
For Monogram Licensees/Applicants, ensure that all applicable
official API specifications and normative standards are available
for personnel to use. API specifications must not be
unauthorized reproductions or altered versions.
CONTROL OF RECORDS / DOCUMENTED INFORMATION
Procedure implemented, and maintained.
Controls include processes and responsibilities for identification,
collection, storage, protection, retention, retrieval and
disposition.
Documented information / records retained as evidence of
conformity protected from unintended alterations (ISO 9001,
7.5.3.2)
Records are established and controlled to provide evidence of
conformity to requirements and the QMS, including records
originating from outsourced activities.
Records are maintained based on the required retention times as
specified in the applicable standard, product spec, and / or the
customer / QMS requirements.
Page 9 of 30
QMS MONITORING, MEASUREMENT, ANALYSIS AND IMPROVEMENT

API Spec Q1, Section 6.1 and 6.4.1 / ISO 9001:2015, Section 9.1.1 and 10.1
Requirements: Objective Evidence / Comments: Finding Auditee Auditor
Monitoring, measurement, analysis, and improvement processes
needed to ensure conformity to requirements are planned and
implemented.
Including what to monitor/measure, when to monitor/measure,
when the monitor/measure results shall be evaluated.
Determination of applicable monitoring / measuring methods and
the extent of their use are included.
Documented information retained as evidence of results of QMS
performance and effectiveness evaluations.
PROCESS EVALUATION
API Spec Q1, Section 6.2.3 / ISO 9001:2015, Sections 5.3 and 9.1.1
Suitable methods are applied for monitoring/measuring QMS
processes.
Methods demonstrate the ability of the processes to achieve
planned results.
When planned results are not achieved, correction and
corrective actions are taken.
CUSTOMER SATISFACTION
API Spec Q1, Section 9.1.2 / ISO 9001, Section 9.1.2
Procedure meets all requirements of the applicable standard and is
controlled, implemented, and maintained, and addresses:
 frequency of measurement
 obtaining customer feedback
 KPIs
 other info to determine Customer Satisfaction
Records of the results of customer satisfaction are maintained.
Page 10 of 30
ANALYSIS OF DATA
API Spec Q1, Section 6.3 / ISO 9001:2015, Section 9.1.3
Analysis includes data generated from monitoring &
measurement, internal audits, management reviews, and other
relevant sources.
Data Analysis shall provide information relating to each of the following: (identify any other evidence of analysis of data, if applicable)
Reported
Data Types Analysis Method
How Frequency Objective / KPI
Customer Satisfaction
Product Conformity
Nonconformities/
product failures after
delivery/use
Process trends and
characteristics
Supplier Performance
Quality Objectives
Data is used to evaluate where continual improvement of

the effectiveness of the QMS can be made.
Analysis includes;
 If planning has been effectively implemented
 The effectiveness of actions to address risks and
opportunities (ISO 9001, Section 9.1.3d and e)
Page 11 of 30
INTERNAL AUDITS
Internal audit - performed within 12 months from the previous
internal audit (if applicable).
API interprets “Last Internal Audit” to mean the last complete
audit of the ENTIRE QMS, whether performed at one time or over
the period of 12 months.
Audit planning takes into account results of previous audits and
criticality of the process being audited.
Audit criteria, scope, frequency, and methods are identified to
ensure that all processes are audited.
Verify that the internal audit performed:

 conforms to planned arrangements including the requirements
of the applicable standard / specification;
 has been effectively implemented and maintained, including
records;
 was performed by independent / objective, competent
personnel;
 include outsourced activities that impact the quality of the
product and that are performed at the facility; and
 includes all processes required by the MS required to meet the
applicable standard / specification
Nonconformance identified during the internal audit (e.g. response
times, responsibilities, reporting, and records) are addressed.
Page 12 of 30
MANAGEMENT REVIEWS
Identify date(s) of management reviews within the last 12-month
period. (Verify that management reviews are conducted at least
every 12 months.)
Management review has been documented with sufficient
evidence to demonstrate conformity with applicable
requirements.
Review Input - Management review includes all inputs required
by the applicable standard, including:
 Effectiveness and status of actions of previous reviews
 Result of audits
 Customer Feedback
 Results of Risk Assessment / Effectiveness of actions to
address risks
 Status of CA / PA
 Supplier Performance Analysis
 Process Performance
 Product Conformity
 Changes that could affect the MS
 Recommendations for Improvement
 Adequacy of resources
 Effectiveness of actions to address opportunities (ISO 9001,
9.3.2d and e)
Review Output - Management review output includes a
summary assessment of the effectiveness of the MS detailing
any:
 Required changes to the processes
 Decisions and actions
 Required resources
 Improvement for products
Top Management review and approval of Management Review.
Page 13 of 30
IMPROVEMENT – CORRECTIVE / PREVENTIVE ACTION

Corrective Action
API Spec Q1, Section 6.4.2 / ISO 9001, Section 10.2
Corrective actions are taken (both internally and within the supply
chain) to eliminate the cause of nonconformities. Actions include:
 reviewing process nonconformities
 determining/implementing corrections
 dealing with consequences
 evaluating the need for action, through cause identification,

analysis and consideration of trends
 implementing corrective action to avoid recurrence

 identifying timeframe and responsible person(s)
 verification of effectiveness
 MOC (when applicable)
Records of activities are maintained and identify activities

performed to verify effectiveness of the corrective action taken.
Organization has updated risks and opportunities determine

during planning, if necessary (ISO 9001, 10.2.1e)
PREVENTIVE ACTION
API Spec Q1, Section 6.4.3 / ISO 9001, Section 6.1 (see note below)
NOTE: Preventive action is no longer a specific requirement of ISO 9001:2015. Some organization’s may use the preventive action process
as a tool to address risks and opportunities in accordance with ISO 9001:2015, 6.1

Preventive actions are taken (both internally and within the supply
chain) to eliminate the cause of potential nonconformities. Actions
include:
 Identifying opportunities for improvement
 identifying potential nonconformities and their cause
 evaluating need for action to prevent occurrence
 identifying timeframe and responsible person(s)
 reviewing effectiveness
 MOC (if applicable)
Records of activities for control of potential process non-

conformances are maintained.
Organization has used preventive action(s) as a tool to address
risks and opportunities, if necessary (ISO 9001, 6.1)
PRODUCT REALIZATION
Audit Conditions Auditee - Auditor -
1. The audit must determine the degree to which products are being serviced under the scope of the applicable API Monogram License(s)
Page 14 of 30
and / or Registered QMS.

2. Determine the availability of the products for review and audit processes in conjunction with these products.
3. It is intended that this be completed prior to the audit as part of the planning process. In cases where pre-audit information is not
available this MUST be done during the opening meeting/facility tour.
4. Please include as many products as possible that are included as part of the scope of Licensing / Registration.
5. Priority should be established at the start of the audit to verify servicing according to the conditions outlined below.
Category Category Definition
1 Product currently being serviced and available for review
2 New Service Line Product being serviced since the last API audit
NOTE 2: Please identify any products that are being added to the scope of Licensing and / or Registration, including products that are
“new” and have been added since the last audit. These products must be considered when sampling objective evidence during the audit.
Complete the table below based on the above classifications:

Category Product/Service Identification Specification (as applicable)
Page 15 of 30
CONTRACT REVIEW / CUSTOMER RELATED PROCESSES

API Spec Q1, Section 5.1 / ISO 9001, Section 8.2 Auditee - Auditor -
List all Contracts reviewed / sampled (minimum of 3 – include contract identification, customer name,
date of contract and any other pertinent details below):
Check each requirement upon verification

Detail evidence observed (including records and documents
(explanation must be given for any blank
reviewed, personnel interviewed, and processes observed) :
boxes):
Determination of requirements: Customer requirements
Legal / other applicable
requirements
Determination of
Product Requirements Requirements not stated by
customer
Organizational requirements
Also verify:
Requirements confirmed and records
maintained where no requirements are
stated/documented by customer
Review of requirements: Reviewed prior to commitment
Requirements identified and
documented
Review of Product
Requirements Capability confirmed
Records maintained
Records maintained on any new
requirements (ISO 9001, 8.2.3.2b)
Changes to Changes to contract requirements: Documents amended
Requirements
Changes communicated
Approval process determined,

documented, implemented
External / Customer
Communications Requirements are fully understood
Relevant contingencies
communicated
Methods for obtaining / using
customer information
Page 16 of 30
Customer Satisfaction
PLANNING
API Spec Q1, Section 5.2 / ISO 9001, Sections 6 and 8.1 Auditee - Auditor -
Detail evidence observed (including records and documents reviewed, personnel Check each requirement upon verification
interviewed, and processes observed) : (explanation must be given for any blank
boxes):
Planning of product realization: Consistent with QMS process
Required resources / work
environment
Product / customer requirements
Legal / other applicable
requirements
Contingencies based on risk
assessment
Design and development
requirements
Required verification, validation,
Planning monitoring, measuring, inspection,
test activities
Product and process acceptance
criteria established and
implemented
MOC & Changes carried out in a
planned manner
Records maintained
Output documented
Output of product realization planning: Plans updated as changes occur
Plans maintained suitably
RISK ASSESSMENT & MANAGEMENT

API Spec Q1, Section 5.3 / ISO 9001:2015, Sections 4.4.1, 5.1.2 and 6.1 Auditee - Auditor -
Requirements: Objective Evidence / Comments: Finding #:
A process has been established to identify and control risks
associated with:
 impact on delivery, including facility/equipment availability,
maintenance and supplier performance and material
availability/supply;
 Quality of product, including delivery of nonconforming
product & availability of competent personnel.
Tools, techniques and their application for risk identification,
Page 17 of 30
assessment and mitigation are utilized by the organization.

Identify process interaction / examples of Risk Assessment & Management
implementation and tools / techniques used:
boxes):
Risks determined
Actions taken
Actions integrated into QMS and
effectiveness evaluated
Identify process interaction / examples of implementation and tools / techniques used to Check each requirement upon verification
determine and address opportunities (in addition to risks) (ISO 9001, 4.4.1, 5.1.2 and 6.1): (explanation must be given for any blank
boxes):
Opportunities determined
Actions taken
Actions integrated into QMS and
effectiveness evaluated
CONTINGENCY PLANNING
API Spec Q1, Section 5.5 / ISO 9001:2015, Section 8.2.1e) Auditee - Auditor -
Contingency planning is based on assessed risks.
Output of contingency planning is documented and updated as

required.
Internal and external communication controls in place, including
those relevant to the customer.
Page 18 of 30

Identify process interaction / examples of Contingency Planning implementation: (explanation must be given for any blank
boxes):
Based on assessed risks
Output documented / updated as
required
Output communicated
Records maintained
PURCHASING / EXTERNALLY PROVIDED PRODUCTS, PROCESSES AND SERVICES
API Spec Q1, Section 5.6 / ISO 9001:2015, Section 8.4 Auditee - Auditor -
Detail evidence observed (including records and documents reviewed, personnel
interviewed, and processes observed):
boxes):
Control of Purchasing: Criticality of activities/products
determined
Type and extent of control defined on
criticality
Purchasing
Criteria, scope, frequency and
Controls
methods of reassessment defined
List of approved suppliers and scope
of approval
Controls include products/services
being provided to customer directly
by external provider.
Critical Suppliers – Evaluation and Reevaluation
Critical Suppliers Sampled: Product / Component / Activity Performed: (explanation must be given for any blank
boxes):
Site specific criteria
Reevaluation per API Spec Q1, 5.6.1.3
Records Maintained
Also verify:
Risk assessment associated with product
delivery includes supplier performance.
Ensure risks are identified and controlled
(5.3b).
Page 19 of 30
Non-Critical Suppliers – Evaluation and Reevaluation

Non - Critical Suppliers
Product / Component / Activity Performed: (explanation must be given for any blank
Sampled:
boxes):
Initial and on-going capability
assessment per API Spec Q1, 5.6.1.3
Records Maintained
Also verify:
Risk assessment associated with product
delivery includes supplier performance.
Ensure risks are identified and controlled
(5.3b).
Outsourced Activities / Externally Provided Processes

List all outsourced activities and processes (if applicable):

interviewed, and processes observed) :
boxes):
Control of outsourced activities: Records Maintained
Organization’s applicable QMS
Outsourced requirements satisfied
Activities Also verify:
Organization maintains responsibility for
product conformance to specified
requirements including API Spec
Purchasing Information (include contracts/POs sampled -minimum
of 3 :
Acceptance criteria documented
Requirements for:
Purchasing
Information  Supplier interactions
 Control and monitoring of supplier
performance (ISO 9001, 8.4.3d & e)
Records Maintained
Also verify:
Documented requirements per API Spec Q1,
Page 20 of 30
5.6.2(a)(b)(c)(d), where applicable

Verification of conformance to purchase requirements (include Records Maintained
Verification of records reviewed as evidence of conformance):
Purchased Also verify:
Product / Activities - Controls for verification at supplier’s
premises, where applicable
PRODUCTION AND SERVICING PROCESSES
API Spec Q1, Section 5.7.1 / ISO 9001:2015, Section 8.5.1 & 8.5.5 Auditee - Auditor -
Description of Production / Servicing Capabilities [What capabilities does the facility have (i.e., what are they capable of
manufacturing?)] Reference all monogrammable and non-monogrammable products:
Description of Production and/or Servicing Processes (describe what manufacturing/servicing processes actually take place at the facility
and interactions):
Processes must be described in specific detail to provide information regarding the capabilities of the facility being audited. For
example, production processes must be identified clearly as machining, assembly, welding, heat treatment, etc.; testing processes must be
identified clearly as hydro-testing, nondestructive examination, etc.
Production and Servicing Processes reviewed / sampled:
Personnel Description of Inspection Process control

PO / WO Product/service/
Process (Area): interviewed & product/ status documents (verify
number: part identified?
position/title: service/part: identified? revision):
Page 21 of 30
Detail evidence observed (including records and documents Check each requirement upon verification
reviewed, personnel interviewed, and processes observed) : (explanation must be given for any blank boxes):
Controls established and implemented for product Procedure per API Spec Q1, 5.7.1.1
Design requirements/changes
Suitable equipment
Process control documents
Control of Actions to prevent human error (ISO
Production 9001, 8.5.1g)
Also verify:
- Implementation of Quality Plan, if required

- Work instructions, when applicable
- Monitoring & measuring activities
- Product release activities
Controls established and implemented for servicing: (If Procedure per API Spec Q1, 5.7.1.2
Servicing is Excluded – Enter Excluded)
Review of requirements
Suitable equipment
Identification/traceability
Control of Servicing
(if applicable) Process control documents
Also verify:
- Work instructions, when applicable
- Monitoring & measuring activities
- Requirements for release of serviced product
Controls established for any required post-delivery activities: Considerations:

Post-delivery - Statutory / regulatory requirements
activities (ISO 9001, - Potential undesired consequences
8.5.5) - Nature, use and intended lifetime
- Customer requirements and feedback
Documentation of process controls: Includes requirements for verifying
conformance with quality plans, product
specs, customer requirements
Process Control Reference instructions
Documents
Acceptance criteria
Also verify:
Inspection holds and witness points
Product realization documentation sampled: Product realization plan(s)
Records of review/verification,
Product Realization
validation, monitoring, measurement,
Capability
inspection, tests
Documents
Acceptance criteria demonstrating
capability
Validation of Validation of processes for production and services (including Demonstrates ability to achieve planned
Page 22 of 30
outsourced): results
Processes for Verification of supplier conformance to
Production and standard requirements (5.6.1.6)
Servicing
Records maintained
Records reviewed for processes requiring validation (select all that apply; enter additional records reviewed):
NDE Welding Heat Treatment Other:
Personnel Qualification WPS / PQR Personnel Qualification
Equipment Qualification WPQ Procedure/WIs
Work Environment Welder Continuity Log Furnace Surveys
Procedure Qualification Personnel Qualifications
Equipment Qualification
PRODUCT QUALITY PLAN(S) (AS APPLICABLE)

API Spec Q1, Section 5.7.2 / ISO 9001:2015, Section 8.5.1 Auditee - Auditor -
boxes):
Quality Plans sampled: Addresses each requirement of API
Spec Q1, 5.7.2 (a) through (e)
Product Quality
Plans (if Revisions documented/approved
required) Communicated
Page 23 of 30
IDENTIFICATION AND TRACEABILITY

boxes):
Identification / traceability reviewed / sampled: Records maintained
Identification/ Also verify :
Traceability - Delivery and post-delivery
- Maintenance / replacement of
identification / marks
Product Inspection / Test Status

Product Inspection /
Records maintained indicating
Test Status
conformity / nonconformity of product
Customer / External Provider Property (if applicable)

Controls in place for property owned by the customer: Procedure per API Spec Q1, 5.7.5
Customer property Records maintained

Also verify:
Requirements for reporting to customer
External provider Controls in place for property owned by external providers: Documented information retained
property (ISO 9001,
8.5.3)
Page 24 of 30
PRESERVATION OF PRODUCT
boxes):
Identification / traceability marks
Preservation of Transportation, handling, packaging
Product and protection
Records maintained
Storage and Designated storage area / stock rooms

Assessment Records of assessment maintained
INSPECTION AND TESTING
API Spec Q1, Section 5.7.7 / ISO 9001:2015, Sections 8.5.1a and 8.6 Auditee - Auditor -
 For Monogram only, ensure that all inspection and testing requirements of the (explanation must be given for any blank
applicable product specification are addressed boxes):
 For Monogram only, please incorporate and complete the relevant Product Spec
Audit Questions
In-process inspection and testing: Procedure
Inspection / testing at planned stages
per plan / procedure
Evidence of conformity with
Inspection and acceptance criteria maintained
Testing Final inspection and testing: Procedure
Final inspection / testing per plan /
procedures
Evidence of conformity to
requirements maintained
Page 25 of 30
PREVENTIVE MAINTENANCE
boxes):
Preventive maintenance for equipment used in product Procedure
realization:
Preventive Type of equipment, frequency,
Maintenance responsible personnel identified
Records maintained
CONTROL OF TESTING, MONITORING AND MEASURING EQUIPMENT
API Spec Q1, Section 5.8 / ISO 9001:2015, Section 7.1.5 Auditee - Auditor -
Organization has determined the testing, monitoring, and
measurement requirements and the associated equipment and
resources, including people, needed to ensure conformance.
Equipment and resources suitable for specific testing, monitoring
and measuring activities.
Controls established and implemented to ensure that equipment
is identified, calibrated, maintained, and used in a manner
consistent with requirements.
Also verify: Control of out-of –tolerance equipment and
assessment of previous measurements.
Equipment observed / sampled (minimum of 3): Check each requirement upon verification
Note: For Monogram only, ensure that all inspection and testing requirements of the (explanation must be given for any blank
applicable product specification are addressed boxes):
Equipment: Description: Cal Date: Due Date: Uniquely identified

Calibration status identified
Traceable to Nat’l/int’l standard
Included on registry
Acceptance criteria defined and
appropriate
Equipment suitable
Records maintained
Also verify:
- Computer software confirmation
- Externally provided equipment

PRODUCT RELEASE
interviewed, and processes observed) : (explanation must be given for any blank
Page 26 of 30
boxes):
Procedure
Release upon satisfactory completion
of planned arrangements
Identification of individual releasing
Product product
Release Records maintained
Also verify:
- Approval of release by authority/customer

when planned arrangements are not met
CONTROL OF NONCONFORMING PRODUCT
interviewed, and processes observed) : (explanation must be given for any blank boxes):
Procedure
Method of addressing non-conforming
product per API Spec Q1, 5.10.2
Concession approved by relevant
authority and/or customer
Customer notification
Control of Records maintained
Nonconforming
Also verify:
Product
- Proper identification to prevent unintended
use
- Addressing the nonconformity
- Identification, documentation, analysis and
actions taken for nonconforming product
identified after delivery
- Risk assessment includes supplier
performance. Ensure risks are identified and
controlled
Page 27 of 30
MANAGEMENT OF CHANGE
API Spec Q1, Section 5.11 / ISO 9001:2015, Section 6.3 and 8.5.6 Auditee - Auditor -
MOC process has been established to ensure that integrity of the
MS when changes are planned and implemented.
Facility identifies potential risks associated with changes prior to

making the change.
Changes are approved as required prior to making changes
Consideration given to purpose, potential consequences, resource
requirements, changes in responsibilities and authorities related
to the change(s) (ISO 9001, 6.3)
Describe how the facility ensures that the MOC process is used for
changes that may affect the QMS negatively, including changes:
to the organizational structure;
in key or essential personnel;
in critical suppliers; and
to MS processes, including changes resulting
from CA / PA
Describe the organization’s process for notification of changes.
When is notification required? To who is notification required?
Top management has assigned specific responsibities and

authorities for managing QMS changes (ISO 9001, 5.3 e)
Identify process interaction / examples of Management of Change implementation: (explanation must be given for any blank
boxes):
Negative affect(s) on QMS identified
Risks identified prior to change
Purpose, consequences, resources,
responsibilities / authorities
considered (ISO 9001, 6.3)
Approved prior to change
Notification of change
Records maintained
Page 28 of 30
AUDIT SUMMARY
Number of Findings: Major (Systemic): Minor (Isolated): Concerns:
Comments:
Strengths:
Opportunities for Improvement (OFIs):
Provide a summary of the closure and verification of corrective actions for previous findings, if any:
Provide an overall assessment of the capability of the facility to manufacture product(s) (Monogram):
Provide an overall assessment of the effectiveness of the management system and the facility’s ability to perform activities / provide
products within the scope of registration:
Page 29 of 30
OPENING / CLOSING MEETING ATTENDANCE SHEET

When performing the opening and closing meeting, please refer to the Opening and Closing meeting guidelines
Audit Team Leader:
Audit Team Members:
Audit Observer(s):
Opening Meeting
Closing Meeting
Participants (Name & Title) - Initial/check the meetings attended Opening Closing
Page 30 of 30

Internal Audit Checklist Q1 - IsO 2015 - Final Format

Uploaded by

Copyright:

Available Formats

Internal Audit Checklist Q1 - IsO 2015 - Final Format

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Internal Audit Checklist Q1 - IsO 2015 - Final Format

Uploaded by

Copyright:

Available Formats

INTERNAL AUDIT CHECKLIST API Spec Q1 9 th and ISO 9001:2015

PREVIOUS AUDIT FINDINGS

QUALITY MANAGEMENT SYSTEM REQUIREMENTS

The QMS scope considers all requirements, external

 Scope of the QMS, including exclusions

 Sequence and interaction of the processes

 Processes that require validation

 Reference to documented procedures that control

 Sequence and interaction of the processes

 Criteria and methods for effective operation and

Organization and Context (ISO 9001, 4.1)

 internal and external issues relevant to purpose,

Understanding Interested Parties (ISO 9001, 4.2)

 interested parties that are relevant to QMS

Compatible and supports the organization’s strategic vision.

 criteria and methods needed for the operation and control

Organization has determined the activities, resources,

MANAGEMENT RESPONSIBILITY / LEADERSHIP

Verify the following:

 Competence, training & awareness for appointment;

Training and Awareness

Facility identifies training needs and ensures that personnel

Effectiveness of actions are evaluated and maintained (i.e.,

Organizational Knowledge (ISO 9001, 7.1.6)

 Knowledge maintained and available

 Process in place for evaluating changes in relation to current

Personnel Sampled for Competency, Awareness and Training

DOCUMENTATION REQUIREMENTS / DOCUMENTED INFORMATION

Information is adequately protected.

External documents are controlled to ensure that relevant

Obsolete documents are identified / removed to ensure against

Use of External Documents in Product Realization

QMS MONITORING, MEASUREMENT, ANALYSIS AND IMPROVEMENT

Data is used to evaluate where continual improvement of

Verify that the internal audit performed:

Top Management review and approval of Management Review.

IMPROVEMENT – CORRECTIVE / PREVENTIVE ACTION

 dealing with consequences

 evaluating the need for action, through cause identification,

 implementing corrective action to avoid recurrence

Records of activities are maintained and identify activities

Organization has updated risks and opportunities determine

Requirements: Objective Evidence / Comments: Finding Auditee Auditor

Records of activities for control of potential process non-

and / or Registered QMS.

Complete the table below based on the above classifications:

CONTRACT REVIEW / CUSTOMER RELATED PROCESSES

Check each requirement upon verification

Approval process determined,

RISK ASSESSMENT & MANAGEMENT

assessment and mitigation are utilized by the organization.

Output of contingency planning is documented and updated as

Check each requirement upon verification

Non-Critical Suppliers – Evaluation and Reevaluation

Outsourced Activities / Externally Provided Processes

Check each requirement upon verification

Acceptance criteria documented

5.6.2(a)(b)(c)(d), where applicable

Production and Servicing Processes reviewed / sampled:

Personnel Description of Inspection Process control