Audit readiness checklist (cross-industry)
What to do in the 12, 4, and 1 weeks before a certification or surveillance audit. Cross-industry, vendor-neutral, applies to ISO 9001 and adjacent standards.
- ISO 9001
- ISO 27001
- ISO 13485
This checklist is a calendar-based readiness plan for an upcoming external audit: initial certification, surveillance, recertification, customer audit, or regulator inspection. It is structured by time horizon: T-12 weeks, T-4 weeks, T-1 week, and audit week. Adapt the items to your standard. The structural items below apply to ISO 9001 and carry over cleanly to ISO 13485, 14001, 27001, and 45001 because of the shared High Level Structure.
T-12 weeks, confirm scope and schedule
- Confirm the audit type, standard(s), scope, and dates with the certification body or customer audit team in writing.
- Verify the lead auditor’s name, contact, and any specialist qualifications required for your scope.
- Confirm the audit plan or request the agenda once available.
- Identify the auditees per process and notify them.
- Reserve a private audit room with whiteboard, screen, and reliable network.
- Arrange visitor passes, NDAs (if applicable), and onsite logistics.
T-12 weeks, internal audit programme
- Verify the internal audit programme covers all clauses and processes at least once in the current certification cycle.
- Schedule any outstanding internal audits to complete by T-6 weeks at the latest.
- Confirm internal auditors are competent and independent for the processes they audit.
T-12 weeks, corrective and preventive actions
- Pull the open nonconformity register. Identify any that have been open for more than 90 days; either close them or document the reason for delay.
- Verify effectiveness reviews exist for closed nonconformities in the past 12 months.
- Update the risk and opportunity register if any new risks have emerged.
T-8 weeks, documented information
- Walk the master document register. Verify every document in scope is current.
- Approve any pending revisions; retire any superseded documents.
- Verify cross-references work: manual section to procedure, procedure to work instruction, procedure to record template.
- Spot-check 10 documents for control evidence (revision number, approver, owner, review date).
T-6 weeks, management review
- Schedule the management review if not already held in the current audit period.
- Confirm minutes from the most recent review include all required inputs and decisions.
- Confirm actions arising have status updates.
T-6 weeks, KPIs and objectives
- Verify each quality objective has current data, owner, status, and commentary.
- Verify customer satisfaction trend has fresh data.
- Refresh the management dashboard.
T-4 weeks, process walks
- For each process in scope, run a process walk-through with the process owner. Confirm:
  - The procedure reflects how the work is actually done.
  - Records are being captured as required.
  - Equipment, calibration, and software tooling are in date.
  - Competence evidence is on file for personnel involved.
- Capture any gaps as nonconformities and start corrective action.
T-4 weeks, supplier and external provider records
- Confirm supplier evaluations and re-evaluations are current.
- Pull a sample of purchase orders and verify supplier requirements flowed through.
- Verify the approved supplier list is current.
T-4 weeks, competence and training
- Pull a stratified sample of personnel records. Verify competence evidence and training records are current.
- Confirm awareness sessions in the past 12 months had attendance evidence.
- Confirm onboarding training for new starters covers the QMS.
T-2 weeks, mock audit
- Run a mock audit on the highest-risk process. Use the same checklist the external auditor likely will.
- Capture any findings; address before the actual audit.
- Brief auditees on what to expect, what evidence to bring, and how to answer questions (“show me, do not tell me”; “I do not know” is an acceptable answer if you can find out).
T-1 week, final tidy
- Confirm the audit room booking and logistics.
- Confirm the audit-day point of contact and the reserve.
- Print or electronically cache the documents the auditor is most likely to ask for: quality manual, process map, master document register, risk register, internal audit reports, management review minutes, nonconformity register, training matrix.
- Confirm the closing-meeting attendees can clear their calendar.
Audit week, etiquette
- Opening meeting: confirm scope, schedule, communication, confidentiality, and report timing.
- During the audit: auditees answer the auditor’s questions directly; the audit guide does not answer for them.
- Findings as they arise: seek clarification on the requirement cited and the evidence; agree the wording; resist the urge to argue about closed findings until the closing meeting.
- Closing meeting: confirm findings, grading, response timeline. Sign off the audit summary.
Audit week, escalation triggers
Escalate to senior leadership if any of the following arise:
- A major nonconformity that may affect certification status.
- A regulatory finding that requires statutory reporting.
- An auditor disagreement that cannot be resolved at process-owner level.
- A nonconformity that overlaps with a customer-facing commitment.
After the audit
- Within 5 working days: confirm written findings match the closing meeting summary; flag any drift.
- Within the agreed window (typically 30 to 60 days): submit corrective action plans for each finding with root cause and target dates.
- Track to closure in the corrective action register.
- Update the QMS where the audit identified improvement opportunities.
- Brief the team: what went well, what to improve.
Pitfalls
- Last-minute fire drills. A T-12 calendar prevents the all-night print-and-bind sessions.
- Handling findings adversarially. Findings are inputs to improvement, not personal failures.
- Closing nonconformities without effectiveness review. The next audit will reopen them.
- Hiding open issues. Auditors do not penalise transparency about in-flight work; they penalise concealment.