Internal audit checklist

Preliminary API Q1 (9th edition)

DRAFT

th Preliminary API Q1 9th edition audit checklist Spec Q1, 9 Edition Yellow field indicates Soft requirement (as applicable, if necessary) Orange field indicates NEW (9th edition) requirement

4.1 4.1.1 4.1.1 4.1.1 4.1.2 4.1.2 4.1.2 4.1.2 4.1.2 4.1.3 4.1.3 4.1.3 4.1.3 4.1.4 4.1.4 4.1.4 4.1.5 4.1.5.1

4.1.5.1 4.1.5.1 4.1.5.2

4.1.5.2 4.1.5.2 4.1.5.2 4.1.5.2 4.2 4.2.1

4.2.1 4.2.1 4.2.2 4.2.3 4.2.3 4.2.3 4.2.3 4.2.3 4.3 4.3.1

Quality Management System General Establish, document, implement and maintain QMS at all times Measure effectiveness and improve QMS Quality Policy Top Management identifies, documents and approves policy Policy appropriate and basis for quality objectives Communicated, understood, implemented and maintained Statement of commitment to comply and improve QMS Quality Objectives Management and top management establish Established at relevant functions and levels Measureable and consistent with quality policy Planning a. Criteria and methods of QMS determined and effective b. Planning of QMS carried out to meet requirements Communication Internal Communication processes established Effectiveness of QMS communicated a. Requirements communicated within the organization b. Data analysis results communicated within organization External Determine, document & implement external communication process a. for execution of inquiries, contracts, amendments b. for product information and nonconformities c. for addressing feedback and complaints d. quality plans and changes Management Responsibility Organization Structure Top management ensures availability of resources Management commitment to QMS and its improvement a. Management ensures objects established including KPIs b. Management conducts management reviews Responsibility and Authority Roles and responsibilities defined Management Representative Top management appoints management representative who: a. Ensures processes established, implemented and maintained b. Reports to top management on performance of QMS c. Initiates actions to minimize nonconformances d. Ensure promotion of awareness of customer requirements Organization Capability Provision of Resources Determine and provide resources needed for QMS

NEW

Soft

NEW

Internal audit checklist

Preliminary API Q1 (9th edition)
4.3.2 4.3.2.1 Human Resources General Procedure for competency and training Procedure includes provisions for determining effectiveness Personnel Competence Personnel competent to meet requirements Records of competency determination Training and Awareness a. QMS training for personnel and contractors a. QMS training for contractors b. Allow for customer-specified/provided training c. Frequency and content identified d. Personnel aware of importance of activities and contribution e. Training on legal requirements f. Records maintained Work Environment Provide, manage and maintain work environment, including a. Buildings, workspace and utilities b. Process equipment c. Support services d. Physical, environment and other factors Documentation Requirements General a. Statements of policy and objectives b. Quality manual, that includes: 1) Scope or QMS and justifications for exclusions 2) Legal requirements 3) Interaction of processes of QMS 4) Identification of processes requiring validation 5) Reference to procedures of the QMS c. Procedures for the QMS d. Documents/records for planning, operation & control of QMS Procedures Procedures established, documented, implemented and maintained Control of Documents Procedure for control of documents, including external documents Procedure specifies responsibilities for approval and re-approval a. Documents reviewed and approved before use b. Changes and revision status identified c. Documents remain legible and identifiable d. Documents available where activity performed External document controlled to ensure correct version used Obsolete documents removed or identified Procedures, work instructions, and forms controlled Use of External Documents in Product Realization Translate requirements into the product realization process Control of Records Procedure for records control Initiate, ID, collect, store, protect, retrieve and retain records Individuals responsible identified, Records including outsourced activities provide evidence of conform Records legible, identifiable and retrievable,

DRAFT

4.3.2.2

NEW

4.3.2.3 4.3.2.3 4.3.2.3 4.3.2.3 4.3.2.3 4.3.2.3 4.3.2.3 4.3.2.3 4.3.3 4.3.3 4.3.3 4.3.3 4.3.3 4.4 4.4.1 4.4.1 4.4.1 4.4.1 4.4.1 4.4.1 4.4.1 4.4.1 4.4.1 4.4.1 4.4.2

Soft

NEW NEW

NEW

NEW NEW

NEW

4.4.3

4.4.3 4.4.3 4.4.3 4.4.3

NEW Soft 4.2.3, 4.2.4 4.2.4 4.2.4.1 No Requirement 4.2.4

4.4.4 4.5

Internal audit checklist

Preliminary API Q1 (9th edition)
Records maintained for 5 years minimally or per specification Product Realization Contract Review General Procedure for review of requirements and provision of products Determination of Requirements Determine requirements specified by customer Determine legal requirements Determine requirements not stated by customer but needed Review of Requirements Review the requirements related to provision of products Review conducted before commitment to deliver product Requirements identified and documented Requirement differences resolved Organization has capability to meet requirements When changed, documents amended and personnel notified Records maintained Planning Plan processes needed for product realization Planning consistent with requirements of other processes of QMS Address required resources and work environment Address product and customer-specified requirements Address legal and other requirements Address contingencies based on risk assessment Address design requirements Address required verification, validation, monitoring, insp & test Address management of change Address records Planning output updated with changes Planning suitable for organization Risk Assessment and Management Procedure to identify and control risk Identify techniques, tools and their application Identify methods to assess risk Identify controls for selection, communication & implementation Risk includes product conformity requirements Risk includes facility/equipment maintenance Risk includes personnel competency and availability Risk includes supplier performance Records maintained Design and Development Design and Development Planning Procedure to plan and control design and development Plans and updates Design and development stages Resources, responsibilities, authorities and interfaces Review, verification and validation activities Final review of design Controls for other organization design locations impacting design Controls for outsourced design activities Design and Development Inputs Inputs identified and reviewed for adequacy and completeness Inputs include functional and technical requirements Customer specified requirements 5 5.1 5.1.1 5.1.2 5.1.2a 5.1.2b 5.1.2c 5.1.3

DRAFT
4.2.4.1

7.2.2.1 7.2.1a 7.2.1c, 7.2.1d 7.2.1b,7.2.2 7.2.2 7.2.2 7.2.2a 7.2.2b 7.2.2c 7.2.2 7.2.2 7.1 7.1 7.1b 7.1b No Requirement No Requirement 7.1a 7.1c No Requirement 7.1d No Requirement 7.1 No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement

5.1.3a 5.1.3b 5.1.3c

5.2

5.2a 5.2b 5.2c 5.2d 5.2e 5.2f 5.2g 5.2h

5.3 5.3a 5.3b 5.3c 5.3.1) 5.3.2) 5.3.3) 5.3.4) 5.4 5.4.1 5.4.1a 5.4.1b 5.4.1c 5.4.1d 5.4.1e

7.3.1.1 7.3.1 7.3.1a 7.3.1, 7.3.1c 7.3.1b 7.3.4.1 No Requirement 7.3.1.1 7.3.2, 7.3.2.1 7.3.2a, 7.3.2d 7.3.2.1

5.4.2

5.4.2a

Internal audit checklist

Preliminary API Q1 (9th edition)
5,4.2b 5.4.2c 5.4.2d 5.4.2e 5.4.2f 5.4.2g 5.4.3 5.4.3a 5.4.3b 5.4.3c 5.4.3d 5.4.3e 5.4.4 5.4.4a 5.4.4b External sources (API Specifications) Environmental and operational conditions Methods, assumption and formulae documentation Historical performance Legal requirements Risk assessment Records maintained Design and Development Outputs Outputs verified against input requirements Meet input requirements Provide purchasing, production and post-delivery information Design acceptance criteria Results of calculations Specify characteristics essential for safe and proper use Records maintained Design and Development Review Review for adequacy to meet requirements Identify problems and propose actions Participants from concerned functions Records maintained of review Design and Development Final Review and Verification Ensure output meets input requirements Conduct final review and verification Conducted by Individuals who did not develop design Records maintained of final review and verification Design and Development Validation and Approval Product capable of meeting specified requirements Performed prior to delivery Completed designs approved Records maintained for validation and approval Design and Development Changes Changes identified Changes reviewed, verified and validated and approved Evaluation of the effect of changes on product and parts delivered Changes require same controls as original design Records maintained Contingency Planning General Procedure for contingency planning Includes incident and disruption prevention and mitigation Based on assessed risk Output documented and communicated Updated Planning Output Includes actions required in response to significant risk Includes identification and assignment of responsibilities Includes internal and external communications controls Purchasing Purchasing Control Procedure Procedure for control of purchase products and outsourced activities Determine criticality Initial evaluation and selection of suppliers

DRAFT
7.3.2d 7.3.2d 7.3.1.2 7.3.2c 7.3.2b No Requirement 7.3.2.1 7.3.3 7.3.3a 7.3.3b 7.3.3c 7.3.1.2 7.3.3d 7.3.3.1 7.3.4a 7.3.4b 7.3.4 7.3.4 7.3.4.1, 7.3.5 7.3.4.1 7.3.4.1 7.3.4, 7.3.5 7.3.6 7.3.6 No Requirement 7.3.6 7.3.7 7.3.7 7.3.7 7.3.7.1 7.3.7

5.4.5

5.4.6

5.4.7

5.5 5.5.1

No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement

5.5.2 5.5.2a 5.5.2b 5.5.2c 5.6 5.6.1 5.6.1.1

5.6.1.1a 5.6.1.1b

4.1, 4.1.1, 7.4.1, 7.4.1.1 No Requirement 7.4.1

Internal audit checklist

Preliminary API Q1 (9th edition)
5.6.1.1c 5.6.1.1d 5.6.1.1e 5.6.1.1e 5.6.1.1f 5.6.1.2 5.6.1.2a 5.6.1.2b i) 5.6.1.2b ii) 5.6.1.2b iii) 5.6.1.3 5.6.1.3a 5.6.1.3b 5.6.1.3c 5.6.1.4 5.6.1.5 5.6.1.6 Type/extent of control on supplier based on criticality Criteria, scope, frequency, and methods for re-assessment List of approved suppliers List of approved supplier scope Control of outsourced activities Initial Supplier Evaluation - Critical Purchases Criteria for initial evaluation of critical suppliers Supplier QMS conforms to specified requirements Assessment by on-site evaluation of supplier or Assessment by first article inspection or Evaluation of product of proprietary contractual situations Initial Supplier Evaluation - Noncritical Purchases Meeting the requirements, 5.6.1.2, or Assessment of supplier to meet purchase requirements or Supplier QMS conforms to specified requirements, or Assessment of supplier upon delivery of product Supplier Re-evaluation Re-evaluation requirements follow those of 5.6.1.3 Supplier Evaluation - Records Supplier evaluation records maintained Outsourcing Control over outsourced activities Organization's applicable QMS requirements satisfied Maintain responsibility for product conformance to requirements Records maintained Purchasing Information Ensure adequacy of information Information documented and includes: Acceptance criteria Requirements for approval of supplier procedures Applicable versions of documents Requirements for supplier personnel qualification QMS requirements Verification of Purchased Products or Activities Procedure for verification of products or activities Control for verification at supplier's premises Products or activities conform to requirements Records maintained Production and Servicing Provision Control of Production and Servicing Production Procedure for production of products and includes: Information on characteristics of product Implementation of quality plans Design requirements satisfied Availability and use of equipment Availability of work instructions Ensure traceability Implementation of monitoring and measurement activities Implementation of product release, delivery & post-delivery Servicing Procedure for servicing of products and includes Implementation of servicing requirements Design requirements satisfied Availability and use of equipment

DRAFT
No Requirement 7.4.1 No Requirement No Requirement 4.1, 4.1.1, 7.4.1.3 No Requirement 7.4.1.2d 7.4.1.2a No Requirement No Requirement No Requirement 7.4.1.2c 7.4.1.2d 7.4.1.2b 7.4.1.2 7.4.1 4.1, 4.1.1 4.1 4.1.1 No Requirement 7.4.2 7.4.2 7.4.2a 7.4.2a 7.4.2.1 7.4.2b 7.4.2c 7.4.3.1 7.4.3 7.4.3 7.4.3.1

5.6.2

5.6.2a 5.6.2b 5.6.2c 5.6.2d 5.6.3

5.7 5.7.1 5.7.1.1 5.7.1.1a 5.7.1.1b 5.7.1.1c 5.7.1.1d 5.7.1.1e 5.7.1.1f 5.7.1.1g 5.7.1.1h 5.7.1.2 5.7.1.2a 5.7.1.2b 5.7.1.2c

7.5.1.1 7.5.1a No Requirement No Requirement 7.5.1c, 7.5.1d 7.5.1b No Requirement 7.5.1e 7.5.1f 7.5.1.1 7.5.1a No Requirement 7.5.1c, 7.5.1d

Internal audit checklist

Preliminary API Q1 (9th edition)
5.7.1.2d 5.7.1.2e 5.7.1.2f 5.7.1.2g Availability of work instructions Ensure traceability Implementation of monitoring and measurement activities Implementation of product release, delivery & post-delivery Process documents of servicing meet 5.7.1.3 Records maintained Process Control Documents Controls in routings, travelers, checklists, etc. Controls include API product specifications or equivalent Reference instructions, workmanship and acceptance criteria Product Realization Capability Documentation Maintain evidence of capability to meet product requirements Validation of Processes for Production and Servicing Validate process where output cannot be subsequently verified Validation shows processes achieve planned results Outsourced processes require same controls Procedure established and includes: Required equipment Qualification of personnel Use of methods, including operating parameter identification of acceptance criteria Requirements for records Revalidation Validation processes identified in product specifications Otherwise validate NDE, welding, heat treating Product Quality Plan Plan developed for QMS and resource requirement Description of product to be manufactured Required processed, including records Control of outsourced activities Identification of procedures Identification of hold/witness points Approved by organization and customer Identification and Traceability Procedure for identification Procedure of required traceability Maintenance and replacement of identification and traceability Records maintained Product Inspection/Test Status Procedure for identification of product inspection/test status Ensure product meets requirements or Product released under concession CustomerSupplied Property Procedure for control of customer property ID, verify, safeguard, preserve, maintain & control customer property Controls for reporting loss, damage or unsuitability to customer Records maintained Preservation of Product General Procedure for preservation of product and parts Procedure for ID, trace., trans., handling, packaging, and protect Storage and Assessment Procedure for storage and assessment

DRAFT
7.5.1b No Requirement 7.5.1e 7.5.1f No Requirement No Requirement 7.5.1.2 No Requirement 7.5.1.2 No Requirement 7.5.2 7.5.2 7.4.1.3 7.5.2 7.5.2b 7.5.2b 7.5.2c 7.5.2a 7.5.2d 7.5.2e 7.5.2.1 7.5.2.1 No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement No Requirement 7.5.3 7.5.3 7.5.3.2 7.5.3 7.5.3.3 No Requirement 8.3b 7.5.4.1 7.5.4 7.5.4 7.5.4

5.7.1.3

5.7.1.4 5.7.1.5

5.7.1.5a 5.7.1.5b 5.7.1.5c 5.7.1.5d 5.7.1.5e 5.7.1.5f

5.7.2 5.7.2a 5.7.2b 5.7.2c 5.7.2d 5.7.2e 5.7.3

5.7.4

5.7.5

5.7.6 5.7.6.1

7.5.5.1 7.5.5.1

5.7.6.2

7.5.5.1

Internal audit checklist

Preliminary API Q1 (9th edition)
Use of designated storage areas Assessment of stock at specified intervals Intervals appropriate to the product/part being assessed Records of assessment maintained Inspection and Testing General Procedure for inspection and testing Requirement for in-process and final inspection/testing Records maintained Inprocess Inspection and Testing Inspect and test at planned stages Evidence of conformity maintained Final Inspection and Testing Final inspection in accordance with plan or procedures Preventive Maintenance Procedure for preventive maintenance of manufacturing equipment Type of equipment to be maintained Frequency Responsible person Records maintained Control of Testing, Measuring and Monitoring Equipment Determine the testing, monitoring and measurement requirements Procedure for calibration of equipment include: equipment identification equipment traceability frequency of calibration calibration method acceptance criteria, assess measurements when equipment is out of calibration records of assessment and customer notification Safeguard equipment from adjustments Protected from damage and deterioration Used in suitable environment Confirmation of software when used in measurement Verification of externally provided equipment Registry of equipment, including unique identification Records of calibration maintained Product Release Procedure for release of product under planned arrangements Approved for release by customer under concession Release by personnel not involved with manufacturing Records maintained Control of Nonconforming Product General Procedure for addressing nonconforming product, including product identification and unintended use eliminating nonconformity take action to preclude intended use authorizing use under concession take action after delivery identify and report nonconformity after delivery or use analysis of nonconformity after delivery or use Records maintained

DRAFT
No Requirement 7.5.5.2 No Requirement No Requirement

5.7.7 5.7.7.1

8.2.4.1 8.2.4 8.2.4 8.2.4 8.2.4 8.2.4.2 No Requirement No Requirement No Requirement No Requirement No Requirement 7.6 7.6.1 7.6c 7.6a 7.6a, 7.6b 7.6.1 7.6.1 7.6 7.6 7.6d 7.6e 7.6.2 7.6 No Requirement No Requirement 7.6 8.2.4.1 8.2.4 8.2.4 8.2.4

5.7.7.2

5.7.7.3 5.7.8

5.7.8a 5.7.8b 5.7.8c 5.8

5.8a 5.8b 5.8c 5.8d 5.8e 5.8f 5.8f 5.8.1 5.8.2 5.8.3

5.9

5.10 5.10.1 5.10.1a 5.10.1b 5.10.1c 5.10.1d 5.10.1e 5.10.1f 5.10.1g

8.3 8.3 8.3a 8.3c 8.3b 8.3d 5.6.2c 8.4 8.3

Internal audit checklist

Preliminary API Q1 (9th edition)
5.10.2 5.10.2a 5.10.2b 5.10.2c 5.10.2d 5.10.2e 5.10.3 5.10.3a 5.10.3b 5.10.4 Nonconforming Product Repair or rework to meet requirements Regrade for alternative applications Accept under concession when DAC not applicable Accept per 5.10.3 when DAC applies Reject/scrap Re-inspected in accordance with procedures Release or Acceptance under MAC or OAC Accepting products that do not satisfy MAC Accepting products that do not satisfy original DAC Customer Notification Notify customers if products do not meet requirements after delivery Records of customer notification maintained Records Records of nonconformities maintained Management of Change QMS integrity maintained when changes are planned/implemented QMS Monitoring, Measurement, Analysis and Improvement General Monitor, measure QMS for conformity and continually improve Methods include techniques for analysis of data, and their use Monitoring, Measuring and Improving Customer Satisfaction Procedure for customer satisfaction Determine frequency of measurement, feedback, KPIs Records maintained Internal Audit General Procedure for internal audits Verification of implementation of QMS to requirements Planning considers results of previous audits Identify criteria, scope frequency and methods Audits performed annually On-site outsourced activities subject to internal audits Performance of Internal Audit Performed by competent personnel independent of area audited Records maintained QMS Proc's audited before claiming conformance to specification Audit Review and Closure Identify response times for addressing nonconformities Management of audited areas take corrective actions Results of audits and corrective actions reported to management Records maintained Process Evaluation Evaluation methods used to show QMS achieves results Not achieve, correction/corrective action taken Analysis of Data Procedure for collecting and analyzing data Includes data from monitoring/measurement, audits, man. reviews

DRAFT

No Requirement No Requirement No Requirement No Requirement No Requirement 8.3 8.3.1a 8.3.1b 8.3.3 8.3.3 8.3 5.4.2b

5.10.5 5.11

6 6.1

4.1c, 8.1b, 8.1c, 8.5.1 8.1

6.2 6.2.1

6.1b, 8.2.1 8.2.1 No Requirement

6.2.2 6.2.2.1

8.2.2 8.2.2a, 8.2.2b 8.2.2 8.2.2 8.2.2.1 No Requirement 8.2.2, 8.2.2.1 8.2.2 No Requirement

6.2.2.2

6.2.2.3

8.2.2, 8.2.2.2 8.2.2 5.6.2a 8.2.2 4.1e, 4.1f, 8.2.3 8.2.3 8.4.1, 4.1c 8.4

6.2.3

6.3

Internal audit checklist

Preliminary API Q1 (9th edition)
6.3a 6.3b 6.3c 6.3d 6.3e 6.3f 6.4 6.4.1 6.4.2 Output includes information on: customer satisfaction conformity to product requirements nonconformities trends of processes and products supplier performance objectives Use data for continual improvement Improvement General Continually improve effectiveness of QMS Corrective Action (Control of Nonconforming Process) Procedure for process nonconformances Corrective actions appropriate to effects of the nonconformities Review nonconformity and customer complaints Determine and implement corrections Identify root cause and evaluate need for corrective actio Implement corrective action Identify timeframe and personnel Verification of effectiveness MoC when corrective actions require new controls Records maintained Records identify activities performed to verify effectiveness Preventive Action (Control of Potential Nonconforming Process) Procedure for process potential nonconformances Preventive actions appropriate to effects of the nonconformities Identify need for improvements Identify potential nonconformity and cause(s) Evaluate need for preventive action Identify timeframe and personnel Verification of effectiveness MoC when preventive actions require new controls Records maintained Management Revie General QMS reviewed annually by management Review includes oFIs and need for change to QMS Input Requirements Effectiveness of actions resulting from previous reviews Results of audits Changes to QMS, including legal Customer feedback Process effectiveness, including risk assessment Status of corrective and preventive actions Analysis of supplier performance Analysis of product conformity and field nonconformity Recommendations for improvement Output Requirements Summary of effectiveness of QMS Required changes to processes Required resources Improvements in meeting customer requirements Top management review output of management reviews Reviews documented and records maintained

DRAFT
8.4a 8.4b No Requirement 8.4c 8.4d No Requirement 8.4

8.5.1. 8.5.2 8.5.2 8.5.2a 8.5.2c, 8.5.2d 8.5.2b, 8.5.2d 8.5.2d 8.5.2.2 8.5.2f No Requirement 8.5.2e No Requirement

6.4.2a 6.4.2b 6.4.2c 6.4.2d 6.4.2e 6.4.2f 6.4.2g

6.4.3

6.4.3a 6.4.3b 6.4.3c 6.4.3d 6.4.3e 6.4.3f 6.5 6.5.1

8.5.3 8.5.3 8.5.3c 8.5.3a 8.5.3b No Requirement 8.5.3e No Requirement 8.5.3d

5.6.1, 5.1d 5.6.1, 5.3e 5.6.2e 5.6.2a 5.6.2f 5.6.2b No Requirement 5.6.2d No Requirement 5.6.2c 5.6.2g 5.6.3a 5.6.3a 5.6.3c 5.6.2b 5.6.1 5.6.1

6.5.2 6.5.2a 6.5.2b 6.5.2c 6.5.2d 6.5.2e 6.5.2f 6.5.2g 6.5.2h 6.5.2i 6.5.3

Internal audit checklist

Preliminary API Q1 (9th edition)

DRAFT