ISO Internal Audit Process Map

The PDCA process approach is used for business process planning, Business Process Management (BPM), and for business process auditing as well. A process audit is focused on determining process effectiveness and the ability to achieve planned results. What good is a business process that is unable to deliver the planned result?

The plan for a process audit is to start out with some general process audit questions in order to determine what the scope of the process is, what the purpose of the process is, and how the process operates. Now that we understand what the definition of the process is, we can focus on process management audit questions. Then later we can drill down into product realization specific audit questions.

General Process Audit Questions

When auditing a business process it is important to determine how much process planning has gone into the creation of the process and the system of processes that it belongs to. Many business appear to throw their business processes together with so little planning that it is any wonder why it is so hard to achieve planned results.

Business process planning means that each element of the process has been determined. As an auditor we want to understand how much the process participants (employees) understand about their process. Using SIPOC + PDCA is a good place to start. The first two questions revolve around process definition.

1. (ISO 9001:2015 Clause 4.4) Describe the business process you operate and how it relates to the other processes needed for the quality management system? (i.e. Turtle Diagram, Process Map, flow diagram, other)

SIPOCprocess audit

i. What (S) Suppliers do you have for your process?

ii. What (I) Inputs are needed for your process? (materials, information)

iii. What (P) Process steps transform the inputs into outputs?

iv. What (O) Outputs result from your process?

v. What (C) Customers receive outputs from your process?



i. (P) Plan: What Policies, procedures, forms, records and other information have been developed for your process?Process Steps

ii. (D) Do: What data do you monitor or collect? (8.7) What is a process defect or nonconformance? (7.5) How is it documented?

iii. (C) Check: What criteria, objectives, KPIs, or target requirements do you compare to the data? (9.1.3) How do you analyze your process data?

iv. (A) Act: What actions are taken to (10.2.2) correct process defects, waste or nonconformances from occurring?

2. (ISO Clause 7.5) How are these documents and records controlled as documented information?

ISO Auditing

Process Management Audit Questions

A well-defined process will have answers to all of your SIPOC and PDCA questions. Next we want to understand how the process we are assessing relates to other processes within a system of processes — your process system. The linkages within an ISO system stem from your quality policy and quality objectives, which are two key results of your management commitment. The next seven questions revolve around process system management.

3. (ISO Clause 5.2) What is your company Quality Policy?

4. (ISO Clause 6.2.1) What are your company Quality Objectives?

i. How do your process objectives relate to your quality objectives?

ii. (9.3) How often are your company quality policy and objectives reviewed?

5. (ISO Clause 7.2) What skills and training are necessary to operate this process?

i. (7.2) Where are the training records for your process?

6. (ISO Clause 7.1) What kind of safety, security, and environmental precautions do you use at the company?

7. (ISO Clause 9.1.2) How do you know your customer is satisfied with your process outputs?

8. (ISO Clause 9.1.3) What did the latest analysis of your process and systems data tell you about the process?

9. (ISO Clause 10.2.2) How do you know your corrective action process is working?

Product Realization Specific Audit Questions

An effective process management system is obviously well managed; otherwise it would not be effective. Next we drill down into manufacturing (or service) specific questions to understand what the production system looks like. The last six questions revolve around product realization or manufacturing management.

10. (ISO Clause 8.2) What are the customer requirements for an order that moves through your process system?

11. (ISO Clause 8.1) What is a process system defect or nonconformance?

i. (6.1) How do you test for process system defects and make sure nonconformances don’t happen?

12. (ISO Clause 7.1) What equipment do you use to operate this process?

i. (7.1.5) How is it calibrated?

ii. What do you do if you find it is out of calibration?

13. (ISO Clause 8.5) What process controls are in place to make sure nonconformances don’t happen?

14. (ISO Clause 8.3) How do you use design input, review, verification, validation, and change records to ensure your process system outputs meet requirements?

15. (ISO Clause 8.4) How do you communicate your process input needs and/or problem materials to purchasing?

The PDCA process approach is all around us. It is used for business process planning, BPM, and to determine the ability of the process system to achieve planned results — process effectiveness. We do this using a process audit, which starts with general process audit questions, expands to process management audit questions, and ends by drilling down into product realization specific audit questions. ISO process auditing is all about process effectiveness and the ability of the process system to achieve planned results.

Download free examples of policies and procedures from each policy and procedure department manual. Examine 19 different samples to see how easy it is to use Bizmanualz pre-written templates. Or call to inquire about ISO Training Services for your organization.