Internal Audit Checklist for ISO and IMS Compliance
Plan internal audits that test whether processes are working, evidence is complete, and corrective actions are being closed.
Quick answer
Plan internal audits that test whether processes are working, evidence is complete, and corrective actions are being closed.
Define scope before testing
Decide which standard, process, site, department, or risk area the audit covers. A focused audit creates better findings than a broad checklist with no depth.
Collect evidence in three ways
Use interviews, document review, and record sampling. This helps confirm that the process exists, people understand it, and records prove it is being followed.
- Audit plan and criteria
- Interview notes
- Sampled records
- Findings and evidence
- Corrective action assignments
Make findings actionable
Each finding should identify the requirement, the evidence, the gap, the risk, and the action owner. Avoid vague findings that cannot be closed.
Frequently asked questions
How often should internal audits run?
Set audit frequency based on risk, certification cycle, process performance, customer requirements, and previous findings.
Can one internal audit cover multiple standards?
Yes, if the criteria and evidence mapping make it clear which requirements were assessed.
Should internal audits create corrective actions?
Yes. Nonconformities and improvement findings should flow into a controlled action process.
Next step
Use this guide to check your current evidence, then move the work into a controlled system with documents, forms, registers, and review actions.
See audit-ready IMS workflows