Report and Checklist - Internal Audit of the Quality Management System Code: FO 9.2.

03
Review: 00
Quality Management System - NBR ISO 9001:2015 Data: 03/05/2023 Pág.1/2

Implementation Period: LIST OF AUDITEES

Audited Sector
Reference Standard:
NBR ISO 9001:2015
Audit Scope:

Responsável da Qualidade:

Objective of Internal Audit:

• Confirm that the management system complies with the requirements of the standard in question;
Confirm the organization's adherence to its own policies, objectives, and procedures;
Confirm that the management system is achieving the objectives expressed in the organization's policy.

Audit Team:
Name: Signature:
Lead Auditor:
Auditor 1:
Auditor 2:
Strong Points Audit Conclusions
Describe the total of Major Non-Conformities, Minor Non-Conformities, and Observations. Result of
Total effectiveness of Internal Audit.

Weak Points
 Findings of the Auditor
Process: Responsible Manager:

Items of the ISO 9001 standard Internal Documents

Audited: Audited/Review:

Non-Conformities
Larger (item of
norma/descrição/evidência
objetva):

Non-Conformities
Minors(item of
norma/descrição/evidência
object)

Observations/Improvements:

Effectiveness of the Process (% and

Descrição):

Process: Gestor Responsável:

Items of ISO 9001 standard Internal Documents

Audited: Audited/Review:

Non-Conformities
Major (item of
norma/descrição/evidência
objetva):

Non-Conformities
Minors(item of
norma/descrição/evidência
objetva):

Observations/Improvements:

Effectiveness of the Process (% and

Description):
 Report and Checklist - Internal Audit of the QMS
Sistema de Gestão da Qualidade - NBR ISO 9001:2015

Process: Legend:

Auditor: As C

Data: Observação/Necessita Melhoria = OBS

Major Non-Conformity = NCM
Minor Non-Conformity = NC
Índice de Eficácia da AI = 100% Not Applicable NA

Specific Questions (based on the manuals,

Clauses of ISO 9001:2015 Questions Objective Evidence
SIPOC, procedures and internal documents

4. Organization Context
4.1. Understanding the organization and its context. Does the organization monitor the internal and external issues relevant to its strategic direction? It determines c
the risks and opportunities associated? How do you monitor and review information related to these issues
internal and external?

4.2. Understanding the needs and expectations of the parties Has the organization identified the stakeholders related to the QMS? Has it determined their needs and c
interested parties. expectations? Were their effects or potential effects on the capacity determined?
organization to provide products and services that meet the applicable requirements? The organization monitors and
critically analyze information about these stakeholders and their requirements?

4.3. Determining the scope of the Quality Management System. How were the limits and applicability of the QMS used to establish its scope? C
How external and internal issues, the requirements of relevant stakeholders, and the products and
Were the organization's services considered in determining the scope of the QMS?
If any item of the standard was considered not applicable, how does the organization demonstrate that it is not
does it affect the compliance of products and services?
Where and how is the scope maintained as documented information?
Does he declare which products and services are covered by the QMS? Does he justify how the requirements are not?
applicable to the QMS?

4.4. Quality Management System and its processes. Has the organization determined the processes necessary for the QMS? c
a) what are the required inputs and the expected outputs of these processes?
b) what is your sequence and interaction?
c) how the criteria and necessary methods for effective operation and control were determined and applied
of these processes?
d) how were the necessary resources for these processes determined?
e) what responsibilities and authorities have been assigned to these processes?
f) how were the risks and opportunities for these processes addressed?
g) how these processes are evaluated and any necessary changes are implemented to
ensure that these processes achieve their intended results?
h) How are these processes and the QMS improved?
What information was documented as necessary to support the operation of these
processes? What documented information is retained to ensure that they are performed in accordance with
planned?

5. Leadership

Page 3 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents

5.1. Leadership and commitment. How management demonstrates leadership and commitment by taking responsibility for the effectiveness of C
5.1.1. Generalities: SGQ?
How the policies and objectives of the QMS are established and how they align with the direction
strategic and the context of the organization?
How is the quality policy communicated within the organization? How are the requirements of the QMS integrated?
in business processes?
How does management promote the use of process approaches and a risk mindset?
How is it ensured that the necessary resources for the QMS are available?
How management communicates the importance of quality management effectiveness and compliance to
requirements of the QMS?
How is it ensured that the QMS achieves its intended results?
How does management engage, direct, and support people to contribute to the effectiveness of the QMS? In what way?
promotes improvement?
How leadership supports other relevant management roles and demonstrates how its leadership applies to the
Areas under your responsibility?

5.1.2. Focus on the customer How does Top Management demonstrate leadership and commitment to customer focus? C
How do you ensure that customer requirements and relevant statutory and regulatory requirements are met?
determined, understood and consistently attended to?
As the risks and opportunities that may affect the compliance of products and services are
determined?
How is the ability to increase customer satisfaction determined and addressed?
How does management ensure that the focus on the customer is maintained?

5.2. Quality Policy How does top management establish, implement and review the quality policy? C
How it is determined that the policy is appropriate to the purpose, context of the organization, and supports its.
strategic direction?
Does it provide a framework for establishing quality objectives?
Does it include a commitment to meet the applicable requirements?
Does it include a commitment to the continuous improvement of the QMS?
Where is the quality policy available and maintained as documented information?
How is she communicated?
Is it understood and applied in the organization?
How is it available to the relevant stakeholders, as appropriate?

5.3. Organizational roles, responsibilities, and authorities How does the Senior Management ensure that the responsibilities and authorities for relevant roles are C
attributed, communicated, and understood?
How the Top Management assigns responsibility and authority for:
Ensure that the QMS is in accordance with this standard?
Are the processes delivering their intended outputs?
That the performance of the QMS and the opportunities for improvement (10.1) are reported, especially for you.
same (Upper Management)?
Is the focus on the customer promoted in the organization?
That the integrity of the QMS be maintained when changes are planned and implemented in it?

6. Planning of the QMS

6.1. Actions to address risks and opportunities How are internal and external issues and interested parties considered in the planning of the QMS? C
How risks and opportunities are determined and addressed so that the QMS can:
a) achieve the desired results?
b) increase desirable effects?
c) prevent or reduce undesirable effects?
d) achieve improvements?
How are actions planned to address risks and opportunities?
How are the actions integrated and implemented in the processes of the QMS?
How is the effectiveness of the actions evaluated?
How is it determined that the actions taken to address risks and opportunities are appropriate to the impact?
potential regarding product and service compliance? (Greater impact > more robust actions and
comprehensive).

Page 4 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents

6.2. Quality objectives and planning to achieve them What are the objectives of quality? In what functions, levels, and relevant processes are they? C
established?
Are they consistent with the quality policy?
Are they measurable?
Do they take into account the applicable requirements?
Are they relevant for the compliance of products and services and to increase customer satisfaction?
Are they monitored? How? How often?
Como eles são comunicados?
How are they updated?
Where are the quality objectives maintained as documented information?
When planning how to achieve quality objectives, how does the organization determine what will be done, with
what resources, who will be responsible, when will it be completed and how will the results be evaluated?

6.3. Change Planning How are changes to the QMS planned systematically? C
How are the purpose of the changes and their potential consequences considered? How is it considered
the integrity of the QMS? The availability of resources? The allocation or reallocation of responsibilities and
authorities?

7. Support
7.1. Resources How are the necessary resources for the establishment and implementation determined and provided? C
7.1.1. Generalities maintenance and improvement of the QMS?
How are the capacities and constraints of internal resources considered?
How is it determined what needs to be obtained from external providers?

7.1.2. People How are the necessary people determined and provided for the effective implementation of the QMS and for the C
operation and control of your processes?
How many people are needed for the management and operation of the QMS and its processes?
7.1.3. Infrastructure How the infrastructure necessary for the operation of the QMS is determined, provided, and maintained. C
achieve compliance of products and services?
7.1.4. Environment for the operation of processes How is an environment necessary for the operation of processes determined, provided, and maintained? C
achieve compliance of products and services?
7.1.5. Monitoring and measurement resources. Where used, how are the necessary resources determined and provided to ensure results C
[Link]. Generalities valid and reliable in the monitoring or measurement of products or services?
How is it ensured that the resources provided are suitable for the specific type of monitoring and
measurement? How are they maintained to remain continuously appropriate?
What appropriate documented information is retained as evidence that they are suitable for their
purposes of monitoring and measurement?

[Link]. Measurement traceability How are monitoring and measurement resources verified and/or calibrated? At what intervals? C
Against which international and national standards? When such standards do not exist, the basis for the
Is calibration or verification kept as documented information?
How are these resources identified regarding their situation? How are they safeguarded against adjustments?
damages or deterioration that would invalidate its calibration and subsequent results?
When a measuring instrument is found inappropriate, how does the organization determine its validity?
of previous results? What actions are taken in the case of invalid results?

7.1.6. Organizational knowledge. How is the necessary knowledge determined for the operation of processes and to achieve the C
compliance of products and services?
How is this knowledge maintained and made available to the necessary extent?
How are the needs and trends of changes in the consideration of knowledge addressed in
Is it determined how to acquire or access the additional knowledge necessary?

7.2. Competence How are the necessary competencies determined for people who perform work that affects the C
performance and effectiveness of the QMS?
How is it ensured that these people are competent, based on education, training or
appropriate experience?
When necessary, how actions are taken to acquire the required competence and assess effectiveness
the actions taken?
Show documented, appropriate information as evidence of competence.
(check the evidence of 3 to 5 people, chosen randomly).

7.3. Awareness How people are made aware of quality policy and quality objectives C
relevant?
How they are made aware of their contribution to the effectiveness of the QMS and about the benefits of
improved performance?
About the implications of not being compliant with the requirements of the QMS?

Page 5 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents

7.4. Communication How are the internal and external communications related to the QMS determined? C
How is it determined: what, when, with whom, how, and who communicates?

7.5. Documented information What documented information required by this Standard is part of the QMS? C
7.5.1. Generalities What documented information not required by this standard has been determined as necessary for
the effectiveness of the QMS?

7.5.2. Creating and updating How to ensure that the documented information contains: C
identification and description?
appropriate format and means?
- critical analysis and approval regarding adequacy and sufficiency?

7.5.3. Control of documented information How is it ensured that the documented information: C
Is it available and suitable for use?
where and when it is needed?
Are you sufficiently protected?

[Link]. For the control of documented information, how does the organization address the following activities: C
distribution, access, retrieval, and use?
storage and preservation?
change control?
retention and disposal?
How is the documented information of external origin controlled, as determined by the organization as
necessary for the planning and operation of the QMS?
How the documented information retained as evidence of compliance is protected against unauthorized changes
intentional?

8. Operation
8.1. Operational planning and control How processes necessary for the provision of products are planned, implemented, and controlled C
and services?
How are the requirements for products and services determined?
How are the criteria for processes and for the acceptance of products and services established?
How are the necessary resources determined?
How are process controls implemented?
What documented information was determined and preserved for the processes? They are in the extension
necessary to have confidence and demonstrate compliance of products and services?
How was it determined that the outcome of this planning is suitable for operations?
How are changes controlled and their consequences critically analyzed? What actions are taken?
taken to mitigate their effects?
How is the control of outsourced processes ensured?

8.2. Requirements for products and services What are the communication processes with the client? How is information communicated about: C
8.2.1. Communication with the client products and services?
- inquiries, contracts or requests, including changes?
customer feedback on products and services, including complaints?
handling and control of client property?
specific requirements for contingency actions, when applicable?

8.2.2. Determination of requirements related to products and services What is the process to determine the requirements for products and services? C
How does he ensure that the requirements for products and services are defined? How are they identified?
What are the statutory and regulatory requirements applicable? How are those requirements determined?
considered necessary by the organization?
How does the organization meet the requests for the products and services it offers?

Page 6 of 11
 Specific Issues (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents

8.2.3. Critical analysis of requirements related to products and services How does the organization ensure that it has the capacity to meet the requirements for products and services? C
will be offered to customers?
A critical analysis of this capacity is conducted BEFORE committing to providing products and services.
the client?
How the organization critically analyzes:
the requirements specified by the client, including the requirements for delivery and post-delivery activities?
- requirements not declared by the client, but necessary for the specified or intended use, when
known?
specified requirements by the organization?
What are the applicable statutory and regulatory requirements?
Requirements of a contract or order different from those previously expressed?
How does the organization ensure that the contract or order requirements differ from those previously
Are defined ones resolved?
When the customer does not provide a documented statement of their requirements, how does the organization...
confirm before your acceptance?

[Link]. How and where does the organization retain documented information about the results of the critical analysis of C
requirements and about any new requirements for products and services?
8.2.4. Changes in requirements for products and services When the requirements for products and services change, how does the organization ensure that C
relevant documented information shall be amended, and relevant persons shall be alerted of the
changed requirements?
8.3. Design and development of products and services How the organization establishes, implements, and maintains a design and development process that is C
8.3.1. Generalities appropriate to ensure the subsequent provision of products and services?

8.4. Control of processes, products, and provided services How does the organization ensure that processes, products, and services provided externally are C
externally compliant with requirements?
8.4.1. Generalities When the organization determines the controls to be applied to processes, products, and services
provided externally?
What criteria does the organization determine and apply for evaluation, selection, performance monitoring and
reassessment of external providers?
What are these criteria based on?
What documented information does the organization retain about these activities and any actions
necessary arising from these evaluations?

8.4.2. Type and extent of control How the organization ensures that externally provided processes, products, and services do not affect C
adversely affecting the organization's ability to consistently deliver compliant products and services
for your clients?
Like the organization:
ensures that externally provided processes remain under the control of your QMS?
define both the controls that she intends to apply to an external provider and those that she intends
apply to the resulting outputs?
How the organization, in defining these controls, takes into account:
the potential impact of external processes, products, and services on the QMS, the requirements
of the client and statutory and regulatory requirements?
the effectiveness of the controls applied by the external provider?
How the organization determines the verification, or other activity, necessary to ensure that the
Do processes, products, and services provided externally meet the requirements?

8.4.3. Information for external providers How does the organization ensure the sufficiency of requirements before communicating them to the provider? C
external?
How does the organization communicate requirements to external providers for:
- the processes, products, and services to be provided?
the approval of: products and services, methods, processes and equipment and release of products and
services?
competence, including any required qualifications of people?
the interactions of external provider with the organization?
control and monitoring of the performance of the external provider to be applied by the organization?
- verification or validation activities that the organization or its clients intend to perform in
external provider installations?

Page 7 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents)

8.5. Production and provision of service Is the production and provision of service implemented under controlled conditions? ] C
8.5.1. Production and service provision control These conditions include:
the availability of documented information?
They include the characteristics of the products to be produced, the services to be provided, or the
activities to be performed?
What are the results to be achieved?
the availability and use of appropriate monitoring and measurement resources?
the implementation of monitoring and measurement activities at appropriate stages to verify that
were the criteria met?
the use of appropriate infrastructure and environment for processes?
the designation of competent persons, including any required qualifications?
the periodic validation and revalidation of the ability to achieve planned results where it is not possible
verify the resulting output by subsequent monitoring and measurement?
the implementation of actions to prevent human error?
the implementation of release, delivery, and post-delivery activities?

8.5.2. Identification and traceability How are outputs identified when this is necessary to ensure product compliance? C
services?
How the situation of the outputs is identified in relation to the monitoring and measurement requirements
long in the production and provision of service?
How does the organization control the unique identification of outputs when traceability is a requirement?
Que informação documentada é retida para possibilitar essa rastreabilidade?

8.5.3. Property belonging to clients or external providers How does the organization take care of property belonging to clients or external providers? How does it... C
identify, verify, protect and safeguard?
When a customer or external provider's property is lost, damaged, or otherwise
inadequate for use, how is this reported?
What documented information is kept about occurrences related to these customer properties or
external provider?

8.5.4. Preservation How the organization preserves the outputs during the production and provision of service to the necessary extent. C
to ensure compliance with requirements?
8.5.5. Post-delivery activities How does the organization meet the requirements for post-delivery activities associated with the products and C
services?
In determining the extent of the post-delivery activities required, the organization considers:
the statutory and regulatory requirements?
the potential undesirable consequences associated with your products and services?
the nature, use, and intended lifespan of your products and services?
client requirements?
customer feedback?

8.5.6. Change Control How the organization critically analyzes and controls changes for production or service provision C
Extension needed to continuously ensure compliance with requirements?
What documented information is retained, describing the results of critical change analyses? They
indicate the people who authorize the change and any necessary actions arising from the analysis
criticism?
8.6. Release of products and services How is the release of products and services carried out to verify if their requirements have been met? C
What are the conditions for them to be released?
What documented information is retained about the release of products and services?
It contains the following data:
evidence of compliance with the acceptance criteria?
traceability to the person(s) who authorize(s) the release?

8.7. Controle de saídas não conformes 8.7.1 How does the organization identify and control non-conforming outputs with the requirements? C
How the organization takes appropriate actions based on the nature of the non-conformity and its effects
about compliance? How is this applied to non-compliant products and services detected after the
delivery of products, during or after the provision of services?
The organization deals with non-conforming outputs of a
or in any of the following ways:
correction?
segregation, containment, return or suspension of the provision of products and services?
customer information?
obtaining authorization for acceptance under concession?
How is compliance with the requirements verified when non-conforming outputs are corrected?

Page 8 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents

8.7.2. What documented information about non-conformities does the organization retain? C
This documented information:
What is the non-conformity?
What actions were taken?
Describe the concessions obtained?
Who is the authority that decides on the action regarding non-compliance?

Page 9 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents)

9. Performance Evaluation
9.1. Monitoring, measurement, analysis, and evaluation How the organization determines: C
9.1.1. Generalities What needs to be monitored and measured?
- the methods for monitoring, measuring, analyzing, and evaluating necessary to ensure results
valid?
When should monitoring and measurement be performed?
When should monitoring and measurement results be analyzed and evaluated?
How does the organization assess the performance and effectiveness of the QMS?
What documented information does the organization retain as evidence of the results?

9.1.2. Customer Satisfaction How does the organization monitor customer perception of the extent to which their needs and expectations C
Were they attended to?
What methods did the organization determine to obtain, monitor, and critically analyze this information?

9.1.3. Analysis and evaluation How the organization analyzes and evaluates relevant data and information obtained from monitoring and C
measurement?
The results of analyses are used to evaluate:
compliance of products and services?
the degree of customer satisfaction?
the performance and effectiveness of the QMS?
Was the planning implemented effectively?
the effectiveness of the actions taken to address risks and opportunities?
the performance of external providers?
the need for improvements in the QMS?

9.2. Internal Audit 9.2.1 Does the organization conduct internal audits? Are they carried out at planned intervals? C
They provide information on whether the QMS:
Is it in compliance with the organization's own requirements for its QMS? -
the requirements of this Standard?
Is it effectively implemented and maintained?
9.2.2. The organization: C
does it plan, establish, implement, and maintain an audit program? It includes the frequency, methods,
responsibilities, requirements for planning and reporting, what should take into consideration the importance
of the processes concerning, changes that affect the organization and the results of previous audits?
Define the audit criteria and the scope for each audit?
selects auditors and conducts audits to ensure the objectivity and impartiality of the process
audit?
ensures that audit results are reported to the relevant management?
Does it execute correction and appropriate corrective actions without undue delay?
retains documented information as evidence of the implementation of the audit program and of
audit results?

9.3. Critical analysis by management How does the Top Management critically analyze the organization's QMS? How frequently are these analyses conducted? C
9.3.1. Generalities made? What is the purpose of these analyses?
9.3.2. Critical analysis inputs from the management How is the critical analysis planned by the management? C
They take into consideration:
the situation of actions resulting from previous critical analyses by management?
Changes in external and internal issues that are relevant to the QMS?
This critical analysis takes into account information about the performance and effectiveness of the QMS, including
trends related to:
customer satisfaction and feedback from relevant stakeholders?
- extension in which the objectives
Have the quality standards been achieved?
process performance and compliance of products and services?
non-conformities and corrective actions? results of
monitoring and measuring?
audit results?
performance of external providers?
the sufficiency of resources?
the effectiveness of actions taken to address risks and opportunities (see 6.1)?
opportunities for improvement?

Page 10 of 11
 Specific Questions (based on the manuals,
Clauses of ISO 9001:2015 Questions Objective Evidence
sipoc, procedures and internal documents

9.3.3. Outputs of critical analysis by management What are the critical analysis outputs by the management? C
They include decisions and actions related to:
opportunities for improvement?
Is there any need for changes in the QMS?
need for funding?
What documented information does the organization retain as evidence of the results of critical analyses by
direction?

10. Improvement
10.1. Generalities How does the organization determine and select opportunities for improvement? How does it implement any C
necessary actions to meet customer requirements and increase their satisfaction?
These actions include:
improve products and services to meet requirements as well as to address future needs and
expectations?
correct, prevent or reduce undesirable effects?
how to improve the performance and effectiveness of the QMS?

10.2. Nonconformity and corrective action When a non-conformity occurs, including those arising from complaints, the organization: C
10.2.1. reacts to the non-conformity and, as applicable: takes action to control and correct it and deals with the
consequences?
assesses the need for action to eliminate the cause(s) of the nonconformity so that it does not
repeat or happen elsewhere, critically analyzing the non-conformity? Determining the causes of
non-conformity? Determining if similar non-conformities exist, or if they could potentially
happen?
Does it implement any necessary action?
critically analyze the effectiveness of any corrective action taken?
Does it update risks and opportunities identified during planning, if necessary?
Does it make changes to the QMS, if necessary?
Are corrective actions appropriate to the effects of the non-conformities found?

10.2.2. What documented information about nonconformity and corrective action does the organization retain? C
They provide evidence:
of the nature of non-conformities and any subsequent actions taken?
of the results of any corrective action?
10.3. Continuous improvement How does the organization demonstrate the continuous improvement of the adequacy, sufficiency, and effectiveness of the QMS? C
How the results of analysis and evaluation, as well as the critical analysis by management, are used to
determine if there are needs or opportunities that should be addressed as part of the improvement
continues?

Process Efficiency Index: 100% Formula: C / (NCM + NC/2 + C) * 100

Major Non-Conformities (NCM): 0

Minor Nonconformities (NC): 0

Page 11 of 11