What Is a QMS Audit?
A Quality Management System (QMS) audit is a systematic, independent, and documented process for obtaining evidence and evaluating it objectively to determine the extent to which quality management criteria are fulfilled.
QMS audits serve multiple objectives:
Ensuring compliance with standards (e.g., ISO 9001 )
Identifying process inefficiencies and risks
Verifying effectiveness of controls
Supporting continuous improvement initiatives
Strengthening customer satisfaction and trust
What a QMS Audit Covers
Area | What is Assessed |
Leadership & Context | Quality Policy, Objectives, Organizational Context, Leadership commitment |
Documented Information | Control of documents and records, version control, accessibility |
Risk & Opportunity Management | Risk Identification, mitigation actions, opportunity planning |
Operational Processes | Process consistency, controls, KPIs, work instructions |
Competence & Training | Employee qualifications, training records, awareness |
Supplier & External Providers | Supplier evaluation, monitoring, performance |
Customer Focus | Feedback handling, complaints, satisfaction metrics |
Internal Audits | Audit program, frequency, effectiveness |
Nonconformance & CAPA | Issue tracking, root cause analysis, corrective actions |
Continuous Improvement | Improvement initiatives, performance trends |
Types of QMS Audits
Audits play a critical role in identifying gaps, driving improvement, and maintaining compliance. Depending on the purpose and who conducts them, QMS audits are generally categorized into three types:
First-Party (Internal Audit) - Conducted by the organization itself to assess internal compliance and readiness. This is best for continuous improvement and ISO compliance preparation.
Second-Party (Supplier Audit) - Conducted on suppliers or external providers and best used for ensuring supplier quality and risk control.
Third-Party (Certification Audit) - Conducted by an accredited certification body and best used to achieve or maintain ISO 9001 certification.
What to Include in a QMS Audit Checklist
A QMS Audit template should ideally include essential administrative information. Here are the important items you need in the audit template:
Audit Title : Clear identification of what is being audited (e.g., "2024 Q1 Internal QMS Audit")
Audit Date(s) : Start and end dates of the audit period
Audit Location(s) : Physical location(s) where the audit is conducted
Audit Type : Identify whether it's:
1st Party (Internal) - conducted by the organization itself
2nd Party (Supplier) - conducted by customers or stakeholders
3rd Party (Certification) - conducted by accredited certification bodies
Auditor Information : Names, titles, qualifications, and expertise of all auditors involved
Audit Team Members : Lead auditor, scribe, document retrievers, SME coordinators
Department/Process Being Audited : Specific area(s) under review
Scope and Objectives : What is being evaluated and why
For a full scope of items, check out the QMS Audit template by SafetyCulture.
How to Conduct a QMS Audit
Conducting a QMS audit involves four sequential phases: Planning & Preparation (4-8 weeks before), Execution (on-site audit), Reporting & Analysis (post-audit), and Corrective Action & Follow-up .
Begin by defining clear audit objectives and scope, then develop a comprehensive audit plan that includes timeline, resource allocation, and audit criteria. Select qualified, independent auditors and customize audit checklists specific to your standards (e.g., ISO 9001:2015 ). Request all relevant documentation in advance, conduct a gap assessment, communicate the audit plan to auditees, and prepare audit tools.
During On-Site Execution:
Conduct pre-audit opening meeting to establish rapport and clarify expectations
Review documentation systematically (SOPs, quality records, compliance evidence, version control)
Observe actual operations to verify procedures are followed (production floor, QC areas, document handling, training)
Interview key personnel (Quality Manager, Supervisors, Line Staff, Training Coordinator) using open-ended questions to assess QMS understanding
Collect evidence methodically (photographs, document samples, interview notes, measurement data)
Classify findings as: Conformity (meets all requirements), Major Non-Conformity (systemic failure), Minor Non-Conformity (isolated issue), or Observation (improvement suggestion)
Document each finding with specific description, evidence, standard reference, location, responsible person, and priority
Hold daily wrap-up meetings (if multi-day audit) to review progress and discuss preliminary findings
Conduct closing meeting with auditees to present findings, acknowledge strengths, explain next steps, and answer questions
Post-Audit Reporting:
Organize and verify all findings; conduct root cause analysis for significant issues
Develop comprehensive audit report with sections covering: Executive Summary, Audit Details, QMS Assessment against standards, Detailed Findings (Major/Minor Non-Conformities and Observations), Positive Findings, Recommendations, and Appendices
Review report for accuracy, professional tone, and clarity before finalizing
Corrective Action & Follow-up:
Present findings to management and discuss root causes and impact
Develop detailed CAPA (Corrective and Preventive Action) plans for each non-conformity, including responsible parties, target dates, and verification methods
Implement corrective actions while monitoring progress
Verify effectiveness by reviewing implementation, checking procedures are followed, monitoring metrics, and confirming non-conformities are resolved
Conduct follow-up audits for significant findings to confirm effectiveness
Document lessons learned and trends across multiple audits to inform future audit planning
Maintain comprehensive audit records, findings register, and CAPA status tracking
