Standard Operating Procedure: Quality Management System (QMS) Internal Audit

This Standard Operating Procedure (SOP) outlines the mandatory protocols and systematic approach for conducting an internal audit of the Quality Management System (QMS). The objective of this process is to verify compliance with ISO 9001:2015 standards (or equivalent regulatory frameworks), ensure process efficacy, and identify opportunities for continuous improvement. By adhering to this checklist, the organization ensures that its quality objectives remain aligned with strategic goals and that non-conformities are identified and remediated before external audits occur.

Phase 1: Preparation and Planning

• Define the audit scope, objectives, and criteria (e.g., ISO 9001:2015 clauses, internal policies).
• Appoint an independent lead auditor who has no direct operational responsibility for the areas being audited.
• Review documentation from the previous audit, including status of outstanding Corrective Actions (CAPA).
• Develop an audit schedule and communicate it to all relevant department heads at least two weeks in advance.
• Prepare "Audit Evidence Request" list for auditees to organize required documentation.

Phase 2: Documented Information Review

• Verify the existence and currency of the Quality Manual and Quality Policy.
• Confirm that all controlled documents have authorized version numbers and current approval signatures.
• Check that records (logs, forms, reports) are stored in accordance with the Record Retention Policy.
• Ensure that staff members have access to the latest versions of Work Instructions and SOPs.

Phase 3: Operational Process Audit

• Risk and Opportunity Management: Review the Risk Register to ensure risks are documented and mitigating actions are being tracked.
• Competency and Training: Verify employee training records, ensuring they align with the current Job Descriptions and competency requirements.
• Resource Management: Inspect equipment calibration logs and maintenance records for all essential machinery/infrastructure.
• Customer Satisfaction: Review feedback logs, complaints, and customer satisfaction survey results to ensure timely resolution.
• Supplier Control: Audit the Approved Supplier List and ensure current vendor evaluations are on file.

Phase 4: Non-Conformity and Improvement

• Review the CAPA log to ensure that every non-conformity has a Root Cause Analysis (RCA).
• Confirm that corrective actions were implemented and verified for effectiveness.
• Document all identified gaps as "Major" (systemic failure) or "Minor" (isolated incident).
• Draft the Audit Summary Report, highlighting areas of excellence and areas requiring immediate attention.

Phase 5: Reporting and Follow-Up

• Conduct the closing meeting with stakeholders to communicate findings and establish target dates for remediation.
• Issue the formal Audit Report to Top Management.
• Schedule a follow-up date to verify the completion of identified corrective actions.

Pro Tips & Pitfalls

• Pro Tip: Use the "Plan-Do-Check-Act" (PDCA) cycle as your mental framework. If you find a process that works well, ask "How do you know it works?" to elicit evidence-based answers.
• Pro Tip: Audit the process, not the person. Use open-ended questions like "Show me how you..." rather than "Did you do X?".
• Pitfall (Sampling Bias): Auditors often look at only the most recent records. Ensure you audit a representative sample spanning the entire period since the last audit.
• Pitfall (The "Paper Trail" Trap): Do not be satisfied with a document that exists. Verify that the documented practice is actually being performed on the floor.

Frequently Asked Questions (FAQ)

1. How often should a QMS internal audit be performed? The frequency is determined by the status and importance of the processes, but ISO 9001 requires that internal audits be conducted at "planned intervals," typically at least once every 12 months.

2. What should I do if I find a major non-conformity during the audit? Do not wait for the final report. Document the finding immediately, notify the process owner, and initiate the CAPA (Corrective and Preventive Action) process as soon as the risk is confirmed.

3. Can a department manager audit their own department? No. To maintain impartiality and objectivity, the auditor must be independent of the function being audited. An auditor cannot be responsible for the processes they are evaluating.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What is the primary goal of a QMS internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "The primary goal is to verify compliance with standards like ISO 9001:2015, ensure process efficacy, and identify areas for continuous improvement before external audits." } }, { "@type": "Question", "name": "Who should be appointed as an internal auditor?", "acceptedAnswer": { "@type": "Answer", "text": "An internal auditor must be an independent person who has no direct operational responsibility for the specific processes or departments being audited to ensure objectivity." } }, { "@type": "Question", "name": "How far in advance should an audit schedule be communicated?", "acceptedAnswer": { "@type": "Answer", "text": "It is standard practice to communicate the audit schedule to relevant department heads at least two weeks in advance to allow for proper preparation." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "QMS Internal Audit SOP Template", "applicationCategory": "BusinessApplication", "operatingSystem": "All", "description": "A comprehensive standard operating procedure for conducting Quality Management System internal audits and maintaining ISO 9001:2015 compliance.", "offers": { "@type": "Offer", "category": "Documentation" } } </script>