If you run internal system audits (IATF/ISO 9001) or production-process audits, this piece is for you. Who exactly do I mean? Quality leaders, process engineers, shift supervisors, and anyone who has to connect three worlds every day: requirements, the reality of the shop floor, and documented evidence. This won’t be “encyclopedic.” We’re focusing on an internal audit plan you can literally take in your hand and execute—without chaos.
What will you gain? First—clarity. You’ll know where you’re going, why you’re going, and which evidence you want to see. Second—pace. A daily schedule that won’t fall apart at the first changeover. Third—quality of findings.
Instead of arguing “is this already a nonconformance?”, you’ll have defined criteria, fact-based language, and a consistent recording method. And fourth—closing the loop: the plan “plugs in” from the start, so after the audit there’s less paperwork and more real change.
What is an internal audit plan—and what must it include?
An audit plan is the scenario for a single audit: what we check, on what basis, in what sequence, with whom, and using which methods. It’s not a “pretty form,” but a tool that manages your time and the quality of your evidence. A well-written plan takes you from point A (requirements) to point B (facts/evidence) within the time you’ve set—without improvisation or “we’ll come back tomorrow.”
We also have an official definition of an audit plan (no distinction between internal and external) referenced in ISO 19011:
“a description of the activities and arrangements for an audit.”
It’s also a great way to coordinate audited areas with supporting auditors. In my practice, a few days before the scheduled audit I hold a calibration meeting to agree who will audit which area.
Additionally, we define which internal (site-level) and corporate procedures will be reviewed—especially for system audits.
Reference to ISO 19011:2018 — what a system audit plan must include
For internal system audits, stick to the reference point: ISO 19011:2018 (Guidelines for auditing management systems). This standard clearly states what an audit plan should include at a minimum. Follow it to avoid “blind spots” and debates during management review or a customer audit.
• Audit objectives — why the audit is being conducted (compliance, effectiveness, risk, readiness for a customer audit, etc.).
• Audit scope — processes/areas, locations, organizational units, period covered by the audit, exclusions.
• Audit criteria and reference documents — standards (e.g., ISO 9001, the IATF standard), procedures, work instructions, CSR/OEM, previous corrective actions.
• Auditing team and roles — audit leader, auditors, technical experts, observers; responsibilities.
• Audited parties and contacts — process owners, functions, points of contact.
• Schedule / sequence — e.g., dates, times, order of processes, time for interviews, record review, gemba visit, opening/closing meetings.
• Methods and techniques — interviews, record/document review, observation, sampling, and (if applicable) remote methods (Teams, screen sharing).
• Required resources — access to systems and documents, PPE/H&S, permits, translations, audit language.
• Audit risks and opportunities — e.g., access limitations, confidentiality, time conflicts, production line constraints.
• Reporting requirements — e.g., report format and language, issue date, nonconformity/observation classification, distribution method, confidentiality.
• Logistical arrangements — safety/ESD rules, photo/recording permissions, assembly points, access to special zones.
• Post-audit actions — how to submit corrective actions, deadlines, form of effectiveness review.
Practical tip: In the plan itself, include document numbers, revisions, and owners. ISO 19011 doesn’t mandate a specific template, but the more unambiguous you are about the elements above, the easier it is to defend the plan and finalize the report without questions about the basics.
What are the benefits of using this?
As an auditor, I treat the audit plan as a notebook for all activities — from planning, through calibration, execution, to preparing the final report.
It is also hard evidence for certification body auditors, documenting the time frames and resources used for a given audit.
On the Free Quality Tools page, you can download the Excel template “Internal Audit Plan”—lightweight, practical, and ready to use right away. It includes, among other things, an hourly schedule, an attendance sheet, a methods checklist (interview, observation, document review, sampling), and a risk & resources worksheet.
Dariusz Kowalczyk
Literature:
1. ISO 19011:2018 — Guidelines for auditing management systems, 3rd edition, 2018.
