
Audit Plan

Process to Audit (Audit Scope):

Audit Date(s): Auditor:


Audit #: Auditor:
Site(s) to Audit:
Applicable Standard Clauses:
ISO 9001:2015 – Complete ISO 14001:2015 – Complete

ISO 45001:2018 – Complete

Applicable Processes to Audit Rev.

Context

4. Context Management 00

Leadership

5.1. Leadership and Commitment 00

5.2. Policies 00

5.3. Organizational Roles, Responsibilities and Accountabilities 00

5.4. Participation and Consultation 00

Planning

6.1. Actions to address Hazards, Risks and Opportunities 00

6.2. Objectives and Planning to Achieve them 00

6.3. Management of Change 00

Support

7.1. Resources 00

7.2. Competence 00

7.3. Awareness N/A

7.4. Communication 00

7.5. Control of Documented Information 00

Operation

8.1. Operational Planning and Control 00

8.2. Requirements for Products and Services 00

8.3. Design and Development 00

8.4. Control of Externally Provided Inputs 00

8.5. Production and Service Provision 00

8.6. Release of Products and Services N/A

8.7. Control of Nonconforming Outputs 00

8.8. Emergency Planning and Control 00

Performance Evaluation

9.1. Monitoring, Measurement, Analysis and Evaluation 00

9.2. Internal Audit 00

9.3. Management Review 00

Improvement

10.1&2. Non-Conformances, Preventative and Corrective Action 00

10.3. Continual Improvement 00

Applicable Checklist to Audit Against

ISO 9001:2015 Quality Management System Requirements - Self-assessment Checklist

ISO 14001:2015 Environmental Management System Requirements - Self-assessment Checklist

ISO 45001:2018 Occupational Health & Safety Management System Self-assessment Checklist

Comparison of Documentation vs Requirements vs Actual Practice

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

4. CONTEXT MANAGEMENT

4.1. Understanding the organization and its context

9001

determine external and internal issues

monitor and review information about these external and internal issues

14001

determine external and internal issues (environmental conditions being affected by or capable of affecting the organization)

45001

determine external and internal issues

4.2. Understanding the needs and expectations of interested parties

9001

determine interested parties

determine requirements

monitor and review information

14001

determine interested parties

determine needs and expectations

compliance obligations

45001

determine interested parties (addition to workers)

determine needs and expectations

compliance obligations

4.3. Determining the scope of the management system

9001

determine the boundaries and applicability

consider external and internal issues

consider requirements of relevant interested parties

consider products and services

apply all the requirements

scope available and be maintained

types of products and services in scope

non-applicability and justification (with no effect on the organization’s ability or responsibility)

14001

determine the boundaries and applicability

consider external and internal issues

consider compliance obligations

consider units, functions and physical boundaries

consider activities, products and services

consider authority and ability to exercise control and influence

activities, products and services included in management system

45001

determine the boundaries and applicability

consider external and internal issues

consider compliance obligations

account for planned or performed work-related activities

activities, products and services included in management system

scope available

4.4 Management system and its processes

9001

establish, implement, maintain and continually improve system

determine the processes needed and application:

determine inputs and outputs

determine sequence and interaction

effective operation and control

determine resources

responsibilities and authorities

risks and opportunities

evaluation and changes

improvement

maintain documented information

retain documented information

14001

establish, implement, maintain and continually improve system

determine sequence and interaction

knowledge gained in 4.1 and 4.2

45001

establish, implement, maintain and continually improve system

determine sequence and interaction

Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

None

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

5. LEADERSHIP

5.1 Leadership and commitment

5.1.1 General

9001

demonstrate leadership and commitment

5.1.2 Customer focus

9001

requirements are determined, understood and consistently met

risks and opportunities are determined and addressed

focus on enhancing customer satisfaction

5.2 Policy

9001

establish, implement and maintain a quality policy

communicate the policy

14001

establish, implement and maintain a quality policy

communicate the policy

45001

establish, implement and maintain a quality policy

communicate the policy

5.3 Organizational roles, responsibilities and authorities

9001

assign responsibilities and authorities

communicated and understood

14001

assign responsibilities and authorities

communicated and understood

45001

assign responsibilities and authorities

communicated and understood

5.4 Consultation and participation of workers

45001

process(es) for consultation and participation

resources necessary

access to information

remove obstacles or barriers

consultation of non-managerial workers

Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

6. PLANNING


6.1 Actions to address risks and opportunities

6.1.1 General

9001

consider 4.1 & 4.2

achieve its intended result

enhance desirable effects

prevent, or reduce, undesired effects

achieve improvement

plan actions to address these risks and opportunities

plan to integrate and implement the actions

evaluate the effectiveness

14001

establish, implement and maintain process(es)

consider 4.1 & 4.2 & scope

determine risks and opportunities

achieve its intended result

prevent, or reduce, undesired effects

achieve improvement

determine potential emergency situations - Scope

45001

establish, implement and maintain process(es)

consider 4.1 & 4.2 & 4.3

determine risks and opportunities

achieve intended result

prevent, or reduce, undesired effects

achieve improvement

account for hazards, risks, opportunities, requirements

maintain documented information on risks and opportunities, process(es) and actions needed

6.1.2 Planning / Aspects / HIRA & Opportunities

9001

plan actions to address these risks and opportunities

plan to integrate and implement the actions

evaluate the effectiveness

14001

determine environmental aspects

account for changes, abnormal conditions

determine significant environmental aspects

communicate significant environmental aspects

maintain documented information

45001

establish, implement and maintain process(es):

work organization, social factors, leadership and culture

routine and non-routine activities and situations

achieve its intended result

relevant incidents, internal or external

emergency situations

people

other issues

changes

hierarchy of controls

consider best practices, technological options, and financial, operational and business requirements

6.1.3 Compliance obligations

14001

determine and have access to compliance obligations

compliance obligations apply to organization

account for compliance obligations

maintain documented information

45001

establish, implement and maintain process(es):

determine and have access to compliance obligations

compliance obligations apply to organization and communication

account for compliance obligations

maintain documented information

6.1.4 Planning

14001

address significant environmental aspects

address compliance obligations

address risks and opportunities

integrate and implement the actions

evaluate effectiveness

consider technological options, and financial, operational and business requirements

45001

address risks and opportunities

address requirements

prepare for and respond to emergency situations

integrate and implement the actions

evaluate effectiveness

hierarchy of controls and outputs

consider best practices, technological options, and financial, operational and business requirements

6.2 Objectives and planning to achieve them

6.2.1 Objectives

9001

establish objectives

maintain documented information

14001

establish objectives

maintain documented information

45001

establish objectives

maintain documented information

6.2.2 Planning

9001

planning how to achieve, what, who, when, how, monitoring etc.

14001

planning how to achieve, what, who, when, how, monitoring etc.

45001

planning how to achieve, what, who, when, how, monitoring etc.

6.3 Planning for Changes

9001

Planning for changes and consequences, purpose, integrity, resources, responsibilities and authorities

Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

None

7. Support

7.1 Resources

7.1.1 General

9001

determine and provide the resources needed

consider capabilities of, and constraints on, existing internal resources

consider what needs to be obtained from external providers

14001

determine and provide the resources needed

45001

determine and provide the resources needed

7.1.2 People

9001

determine and provide the persons necessary

7.1.3 Infrastructure

9001

determine, provide and maintain the infrastructure

7.1.4 Environment for the operation of processes

9001

determine, provide and maintain the environment

7.1.5 Monitoring and measuring resources

7.1.5.1 General

9001

determine and provide the resources

ensure that the resources provided are suitable

ensure that the resources provided are maintained

retain appropriate documented information

7.1.5.2 Measurement traceability

9001

measuring equipment shall be calibrated or verified

measuring equipment shall be identified

measuring equipment shall be safeguarded from adjustments, damage or deterioration

determine if the validity of previous measurement results has been adversely affected

7.1.6 Organizational knowledge

9001

determine the knowledge necessary

knowledge maintained and made available

consider its current knowledge and determine how to acquire or access any necessary additional knowledge

7.2 Competence

9001

determine the necessary competence

ensure persons are competent

take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken

retain appropriate documented information

14001

determine the necessary competence

ensure persons are competent

training needs associated with its environmental aspects

take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken

45001

determine the necessary competence

ensure that workers are competent

take actions to acquire and maintain the necessary competence, and evaluate the effectiveness of the actions taken

retain appropriate documented information

7.3 Awareness

9001

ensure that persons are aware of policy

ensure that persons are aware of objectives

ensure that persons are aware of their contribution

ensure that persons are aware of implications of not conforming

14001

ensure that persons are aware of policy

ensure that persons are aware of significant environmental aspects

ensure that persons are aware of their contribution

ensure that persons are aware of implications of not conforming

45001

ensure that persons are aware of policy and objectives

ensure that persons are aware of their contribution

ensure that persons are aware of implications of not conforming

ensure that persons are aware of incidents and the outcomes of investigations

ensure that persons are aware of hazards, OH&S risks and actions determined

ensure that persons are aware of the ability to remove themselves from work situations

7.4 Communication

7.4.1 General

9001

determine the internal and external communications, what, when, with whom, how, who

14001

establish, implement and maintain the process(es), what, when, with whom, how

take into account its compliance obligations

environmental information communicated is consistent

respond to relevant communications

retain documented information

45001

establish, implement and maintain the process(es), what, when, with whom, other interested parties, how, take into account diversity aspects

views of external interested parties are considered

take into account compliance obligations

consistent with information generated

respond to relevant communications

retain documented information

7.4.2 Internal communication

14001

communicate relevant information among the various levels and functions

communication process(es) contribute to continual improvement

45001

communicate relevant information among the various levels and functions

communication process(es) contribute to continual improvement

7.4.3 External communication

14001

externally communicate relevant information

45001

externally communicate relevant information

7.5 Documented information

7.5.1 General

9001

system includes documented information required and determined by the organization as being necessary

14001

system includes documented information required and determined by the organization as being necessary

45001

system includes documented information required and determined by the organization as being necessary

7.5.2 Creating and updating

9001

ensure appropriate identification and description

ensure appropriate format

ensure review and approval for suitability and adequacy

14001

ensure appropriate identification and description

ensure appropriate format

ensure review and approval for suitability and adequacy

45001

ensure appropriate identification and description

ensure appropriate format

ensure review and approval for suitability and adequacy

7.5.3 Control of documented information

9001

ensure availability and suitability for use

ensure adequate protection

address activities of distribution, access, retrieval and use

address activities of storage and preservation, including preservation of legibility

address activities of control of changes

address activities of retention and disposition

identify and control information of external origin

protect evidence of conformity

14001

ensure availability and suitability for use

ensure adequate protection

address activities of distribution, access, retrieval and use

address activities of storage and preservation, including preservation of legibility

address activities of control of changes

address activities of retention and disposition

identify and control information of external origin

45001

ensure availability and suitability for use

ensure adequate protection

address activities of distribution, access, retrieval and use

address activities of storage and preservation, including preservation of legibility

address activities of control of changes

address activities of retention and disposition

identify and control information of external origin

Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

8. Operation

8.1 Operational planning and control

8.1.1 General

9001

plan, implement and control the processes (see 4.4)

implement the actions determined in Clause 6, by:

determining the requirements

establishing criteria for processes and acceptance of products and services

determining the resources needed

implementing control of the processes

determine, maintain and retain documented information

output of planning is suitable

control planned changes, review consequences of unintended changes and take action to mitigate any adverse effects

ensure that outsourced processes are controlled

45001

plan, implement, control and maintain the processes needed to meet requirements

implement the actions determined in Clause 6 by:

establishing criteria for the processes

implementing control of the processes

maintaining and retaining documented information

adapting work to workers

8.1.2 Eliminating hazards and reducing OH&S risks

establish, implement and maintain a process(es) for the elimination of hazards and reduction of OH&S risks:

eliminate the hazard

substitute with less hazardous processes, operations, materials or equipment

use engineering controls and reorganization of work

use administrative controls, including training

use adequate personal protective equipment

8.1.3 Management of change

establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance, including:

new products, services and processes, or changes to existing products, services and processes

changes to legal requirements and other requirements

changes in knowledge or information about hazards and OH&S risks

developments in knowledge and technology

review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary

8.1.4 Procurement

8.1.4.1 General

establish, implement and maintain a process(es) to control the procurement of products and services

8.1.4.2 Contractors

coordinate its procurement process(es) with its contractors, to identify hazards and to assess and control the OH&S risks, arising from the:

contractors’ activities and operations that impact the organization

organization’s activities and operations that impact the contractors’ workers

contractors’ activities and operations that impact other interested parties in the workplace

ensure that the requirements of its OH&S management system are met by contractors and their workers

procurement process(es) shall define and apply occupational health and safety criteria for the selection of contractors

8.1.4.3 Outsourcing

ensure that outsourced functions and processes are controlled

ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes

The type and degree of control to be applied to these functions and processes shall be defined within the OH&S management system

8.2 Requirements for products and services

8.2.1 Customer communication

9001

Communication with customers shall include:

providing information relating to products and services

handling enquiries, contracts or orders, including changes

obtaining customer feedback relating to products and services, including customer complaints

handling or controlling customer property

establishing specific requirements for contingency actions, when relevant

8.2.2 Determining the requirements for products and services

ensure that:

the requirements for the products and services are defined, including:

any applicable statutory and regulatory requirements;

those considered necessary by the organization;

the organization can meet the claims for the products and services it offers.

8.2.3 Review of the requirements for products and services

ensure that it has the ability to meet the requirements for products and services to be offered to customers.

conduct a review before committing to supply products and services to a customer, to include:

requirements specified by the customer, including the requirements for delivery and post-delivery activities;

requirements not stated by the customer, but necessary for the specified or intended use, when known;

requirements specified by the organization;

statutory and regulatory requirements applicable to the products and services;

contract or order requirements differing from those previously expressed.

ensure that contract or order requirements differing from those previously defined are resolved.

customer’s requirements shall be confirmed by the organization before acceptance, when the customer does not provide a documented statement of their requirements.

retain documented information, as applicable:

on the results of the review;

on any new requirements for the products and services

8.2.4 Changes to requirements for products and services

ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

8.2 Emergency preparedness and response

establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1, including:

establishing a planned response to emergency situations, including the provision of first aid;

providing training for the planned response;

periodically testing and exercising the planned response capability;

evaluating performance and, as necessary, revising the planned response, including after testing and in particular after the occurrence of emergency situations;

communicating and providing relevant information to all workers on their duties and responsibilities;

communicating relevant information to contractors, visitors, emergency response services, government authorities and, as appropriate, the local community;

taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response.

maintain and retain documented information on the process(es) and on the plans for responding to potential emergency situations.

8.3 Design and development of products and services

8.3.1 General

9001

establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services

8.3.2 Design and development planning

9001

consider:

the nature, duration and complexity of the design and development activities;

the required process stages, including applicable design and development reviews;

the required design and development verification and validation activities;

the responsibilities and authorities involved in the design and development process;

the internal and external resource needs for the design and development of products and services;

the need to control interfaces between persons involved in the design and development process;

the need for involvement of customers and users in the design and development process;

the requirements for subsequent provision of products and services;

the level of control expected for the design and development process by customers and other relevant interested parties;

the documented information needed to demonstrate that design and development requirements have been met.

8.3.3 Design and development inputs

9001

determine the requirements essential for the specific types of products and services to be designed and developed. The organization shall consider:

functional and performance requirements;

information derived from previous similar design and development activities;

statutory and regulatory requirements;

standards or codes of practice that the organization has committed to implement;

potential consequences of failure due to the nature of the products and services.

adequate for design and development purposes, complete and unambiguous.

conflicting design and development inputs shall be resolved.

retain documented information on design and development inputs.

8.3.4 Design and development controls

9001

apply controls to the design and development process to ensure that:

the results to be achieved are defined;

reviews are conducted to evaluate the ability of the results of design and development to meet requirements;

verification activities are conducted to ensure that the design and development outputs meet the input requirements;

validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use;

any necessary actions are taken on problems determined during the reviews, or verification and validation activities;

documented information of these activities is retained.

8.3.5 Design and development outputs

9001

ensure that design and development outputs:

meet the input requirements;

are adequate for the subsequent processes for the provision of products and services;

include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria;

specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.

retain documented information on design and development outputs.

8.3.6 Design and development changes

9001

8.4 Control of externally provided processes, products and services

8.4.1 General

9001

ensure that externally provided processes, products and services conform to requirements.

determine the controls to be applied to externally provided processes, products and services when:

products and services from external providers are intended for incorporation into the organization’s own products and services;

products and services are provided directly to the customer(s) by external providers on behalf of the organization;

a process, or part of a process, is provided by an external provider as a result of a decision by the organization.

determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements.

retain documented information of these activities and any necessary actions arising from the evaluations.

8.4.2 Type and extent of control

ensure that externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.

The organization shall:

ensure that externally provided processes remain within the control of its quality management system;

define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output;

take into consideration:

the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;

the effectiveness of the controls applied by the external provider;

determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements.

8.4.3 Information for external providers

ensure the adequacy of requirements prior to their communication to the external provider.

communicate to external providers its requirements for:

the processes, products and services to be provided;

the approval of:

products and services;

methods, processes and equipment;

the release of products and services;

competence, including any required qualification of persons;

the external providers’ interactions with the organization;

control and monitoring of the external providers’ performance to be applied by the organization;

verification or validation activities that the organization, or its customer, intends to perform at the external providers’ premises.

8.5 Production and service provision

8.5.1 Control of production and service provision

implement production and service provision under controlled conditions.

Controlled conditions shall include, as applicable:

the availability of documented information that defines:

the characteristics of the products to be produced, the services to be provided, or the activities to be performed;

the results to be achieved;

the availability and use of suitable monitoring and measuring resources;

the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met;

the use of suitable infrastructure and environment for the operation of processes;

the appointment of competent persons, including any required qualification;

the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement;

the implementation of actions to prevent human error;

the implementation of release, delivery and post-delivery activities.

8.5.2 Identification and traceability

use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.

identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.

control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.

8.5.3 Property belonging to customers or external providers

exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization.

identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services.

when the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.

8.5.4 Preservation

preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.

8.5.5 Post-delivery activities

meet requirements for post-delivery activities associated with the products and services.

consider:

statutory and regulatory requirements;

the potential undesired consequences associated with its products and services;

the nature, use and intended lifetime of its products and services;

customer requirements;

customer feedback.

8.5.6 Control of changes

review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.

retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

8.6 Release of products and services

implement planned arrangements, at appropriate


stages, to verify that the
product and service requirements have been met.

release of products and services to the customer shall

not proceed until the planned arrangements
have been satisfactorily completed, unless otherwise
approved by a relevant authority and, as
applicable, by the customer.

retain documented information on the release of


products and services. The
documented information shall include:

evidence of conformity with the acceptance criteria;

traceability to the person(s) authorizing the release.

8.7 Control of nonconforming outputs

ensure that outputs that do not conform to their


requirements are
identified and controlled to prevent their unintended
use or delivery.

take appropriate action based on the nature of the


nonconformity and its effect
on the conformity of products and services. This shall
also apply to nonconforming products and
services detected after delivery of products, during or
after the provision of services.

deal with nonconforming outputs in one or more of the


following ways:

correction;

segregation, containment, return or suspension of


provision of products and services;

informing the customer;

obtaining authorization for acceptance under


concession.

Conformity to the requirements shall be verified when


nonconforming outputs are corrected.

retain documented information that:

describes the nonconformity;

describes the actions taken;

describes any concessions obtained;

identifies the authority deciding the action in respect


of the nonconformity.

Verify the Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as


compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

9. Performance Evaluation

9.1 Monitoring, measurement, analysis and performance evaluation

9.1.1 General

9001

determine:

what needs to be monitored and measured;

the methods for monitoring, measurement, analysis


and evaluation needed to ensure valid results;

when the monitoring and measuring shall be


performed;

when the results from monitoring and measurement


shall be analysed and evaluated

evaluate the performance and the effectiveness of the


quality management system

retain appropriate documented information as


evidence of the results.

45001

establish, implement and maintain a process(es) for


monitoring, measurement, analysis and performance
evaluation.

determine:

what needs to be monitored and measured, including:

the extent to which legal requirements and other


requirements are fulfilled;

its activities and operations related to identified


hazards, risks and opportunities;

progress towards achievement of the organization’s

OH&S objectives;

effectiveness of operational and other controls;

methods for monitoring, measurement, analysis and


performance evaluation, as applicable, to ensure valid
results;

criteria against which the organization will evaluate its


OH&S performance;

when the monitoring and measuring shall be


performed;

when the results from monitoring and measurement


shall be analysed, evaluated and communicated

evaluate the OH&S performance, and determine the


effectiveness of the OH&S management system.

ensure that monitoring and measuring equipment is


calibrated or verified as applicable, and is used and
maintained as appropriate.

retain appropriate documented information:

evidence of the results of monitoring, measurement,


analysis and performance evaluation;

on the maintenance, calibration or verification of


measuring equipment.

9.1.2 Customer satisfaction

9001

monitor customers’ perceptions of the degree to


which their needs and
expectations have been fulfilled.

determine the methods for obtaining,


monitoring and reviewing this information.

9.1.2 Evaluation of compliance

45001

establish, implement and maintain a process(es) for


evaluating compliance with legal requirements and
other requirements (see 6.1.3).

determine the frequency and method(s) for the


evaluation of compliance;

evaluate compliance and take action if needed (see


10.2);

maintain knowledge and understanding of its

compliance status with legal requirements and other
requirements;

retain documented information of the compliance


evaluation result(s).

9.1.3 Analysis and evaluation

9001

analyse and evaluate appropriate data and


information arising from monitoring
and measurement.

The results of analysis shall be used to evaluate:

conformity of products and services;

the degree of customer satisfaction;

the performance and effectiveness of the quality


management system;

if planning has been implemented effectively;

the effectiveness of actions taken to address risks and


opportunities;

the performance of external providers;

the need for improvements to the quality management


system.

9.2 Internal audit

9001

conduct internal audits at planned intervals to provide


information on
whether the quality management system:

conforms to:

requirements for its quality management system;

requirements of this International Standard;

is effectively implemented and maintained.

plan, establish, implement and maintain an audit


programme(s) including the frequency, methods,
responsibilities, planning requirements and reporting,
which shall take into consideration the
importance of the processes concerned, changes
affecting the organization, and the results of
previous audits;

define the audit criteria and scope for each audit;

select auditors and conduct audits to ensure
objectivity and the impartiality of the audit process;

ensure that the results of the audits are reported to


relevant management;

take appropriate correction and corrective actions


without undue delay;

retain documented information as evidence of the


implementation of the audit programme and the
audit results.

45001

conduct internal audits at planned intervals to provide


information on whether the OH&S management
system:

conforms to:

organization’s own requirements for its OH&S


management system, including the OH&S policy and
OH&S objectives;

the requirements of this document;

is effectively implemented and maintained.

plan, establish, implement and maintain an audit


programme(s) including the frequency, methods,
responsibilities, consultation, planning requirements
and reporting, which shall take into consideration the
importance of the processes concerned and the
results of previous audits;

define the audit criteria and scope for each audit;

select auditors and conduct audits to ensure


objectivity and the impartiality of the audit process;

ensure that the results of the audits are reported to


relevant managers; ensure that relevant audit results
are reported to workers, and, where they exist,
workers’ representatives, and other relevant
interested parties;

take action to address nonconformities and


continually improve its OH&S performance (see
Clause 10);

retain documented information as evidence of the


implementation of the audit programme and the audit
results.

9.3 Management review

9.3.1 General

9001

review the organization’s quality management system,


at planned intervals, to
ensure its continuing suitability, adequacy,
effectiveness and alignment with the strategic
direction of
the organization.

45001

review the organization’s OH&S management system,


at planned intervals, to ensure its continuing
suitability, adequacy and effectiveness.

management review shall include consideration of:

the status of actions from previous management


reviews;

changes in external and internal issues that are


relevant to the OH&S management system including:

the needs and expectations of interested parties;

legal requirements and other requirements;

risks and opportunities;

extent to which the OH&S policy and the OH&S


objectives have been met;

information on the OH&S performance, including


trends in:

incidents, nonconformities, corrective actions and


continual improvement;

monitoring and measurement results;

results of evaluation of compliance with legal


requirements and other requirements;

audit results;

consultation and participation of workers;

risks and opportunities;

adequacy of resources for maintaining an effective


OH&S management system;

relevant communication(s) with interested parties;

opportunities for continual improvement.

outputs of the management review shall include
decisions related to:

continuing suitability, adequacy and effectiveness of


the OH&S management system in achieving its
intended outcomes;

continual improvement opportunities;

any need for changes to the OH&S management


system;

resources needed;

actions if needed;

opportunities to improve integration of the OH&S


management system with other business processes;

any implications for the strategic direction of the


organization.

communicate the relevant outputs of management


reviews to workers, and, where they exist, workers’
representatives (see 7.4).

retain documented information as evidence of the


results of management reviews.

9.3.2 Management review inputs

9001

management review shall be planned and carried out


taking into consideration:

the status of actions from previous management


reviews;

changes in external and internal issues that are


relevant to the quality management system;

information on the performance and effectiveness of


the quality management system, including
trends in:

customer satisfaction and feedback from relevant


interested parties;

the extent to which quality objectives have been met;

process performance and conformity of products and


services;

nonconformities and corrective actions;

monitoring and measurement results;

audit results;

the performance of external providers;

the adequacy of resources;

the effectiveness of actions taken to address risks and


opportunities (see 6.1);

opportunities for improvement.

9.3.3 Management review outputs

9001

outputs of the management review shall include


decisions and actions related to:

opportunities for improvement;

any need for changes to the quality management


system;

resource needs.

retain documented information as evidence of the


results of management reviews.

Verify the Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as


compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

None

10 Improvement

10.1 General

9001

determine and select opportunities for improvement


and implement any
necessary actions to meet customer requirements
and enhance customer satisfaction.

shall include:

improving products and services to meet
requirements as well as to address future needs and
expectations;

correcting, preventing or reducing undesired effects;

improving the performance and effectiveness of the


quality management system.

45001

determine opportunities for improvement (see Clause


9) and implement necessary actions to achieve the
intended outcomes of its OH&S management system.

10.2 Incident, nonconformity and corrective action

9001

when a nonconformity occurs, including any arising from


complaints, the organization shall:

react to the nonconformity and, as applicable:

take action to control and correct it;

deal with the consequences;

evaluate the need for action to eliminate the cause(s)


of the nonconformity, in order that it does not
recur or occur elsewhere, by:

reviewing and analysing the nonconformity;

determining the causes of the nonconformity;

determining if similar nonconformities exist, or could


potentially occur;

implement any action needed;

review the effectiveness of any corrective action


taken;

update risks and opportunities determined during


planning, if necessary;

make changes to the quality management system, if


necessary.

actions shall be appropriate to the effects of the


nonconformities encountered.

retain documented information as evidence of:

the nature of the nonconformities and any subsequent


actions taken;

the results of any corrective action.

45001

establish, implement and maintain a process(es),


including reporting, investigating and taking action, to
determine and manage incidents and
nonconformities.

When an incident or a nonconformity occurs, the


organization shall:

react in a timely manner to the incident or


nonconformity and, as applicable:

take action to control and correct it;

deal with the consequences;

evaluate, with the participation of workers (see 5.4)


and the involvement of other relevant interested
parties, the need for corrective action to eliminate the
root cause(s) of the incident or nonconformity, in order
that it does not recur or occur elsewhere, by:

investigating the incident or reviewing the


nonconformity;

determining the cause(s) of the incident or


nonconformity;

determining if similar incidents have occurred,


nonconformities exist, or if they could potentially
occur;

review existing assessments of OH&S risks and other


risks, as appropriate (see 6.1);

determine and implement any action needed,


including corrective action, in accordance with the
hierarchy of controls (see 8.1.2) and the management
of change (see 8.1.3);

assess OH&S risks that relate to new or changed


hazards, prior to taking action;

review the effectiveness of any action taken, including


corrective action;

make changes to the OH&S management system, if


necessary.

Corrective actions shall be appropriate to the effects


or potential effects of the incidents or nonconformities
encountered.

retain documented information as evidence of:

the nature of the incidents or nonconformities and any
subsequent actions taken;

the results of any action and corrective action,


including their effectiveness.

communicate this documented information to relevant


workers, and, where they exist, workers’
representatives, and other relevant interested parties.

10.3 Continual improvement

9001

continually improve the suitability, adequacy and


effectiveness of the quality
management system.

consider the results of analysis and evaluation, and


the outputs from
management review, to determine if there are needs
or opportunities that shall be addressed as part of
continual improvement.

45001

continually improve the suitability, adequacy and


effectiveness of the OH&S management system, by:

enhancing OH&S performance;

promoting a culture that supports an OH&S


management system;

promoting the participation of workers in implementing


actions for the continual improvement of the OH&S
management system;

communicating the relevant results of continual


improvement to workers, and, where they exist,
workers’ representatives;

maintaining and retaining documented information as


evidence of continual improvement.

Verify the Effectiveness of the Process

Review the applicable procedure(s) for this process and answer the questions below.

QUESTION YES / NO / NA EVIDENCE / NOTES SHEET REF #

Are the procedure steps accurate and complete as


compared to true practice?

INDICATE ANY PROBLEMS YOU UNCOVERED WITH THE PROCESS:

None

Summary of Findings for CAR system

Based on the findings and nonconformities you have recorded in the previous sections, summarize the
necessary actions needed. For type, choose one of the following:
C = Corrective action needed (existing noncompliance)
P = Preventive action needed (potential noncompliance)
OFI = Opportunity for Improvement

CAR # TYPE MAJOR / MINOR ISO CLAUSE DESCRIBE FINDING AS YOU WANT IT TO APPEAR IN THE CAR SYSTEM.

See Corrective Action System

Audit Report Review

The Management System ………………………………….

________________________________________
Signature of Auditor

___________________________________ 2020
Date
