9.1 Internal Systems Audits (ISO 19011)

While Layered Process Audits (LPA) check if the operator is following the rules today, the Internal Systems Audit asks if the rules themselves are compliant, effective, and actually being read. This is the health check of the Quality Management System (QMS). If you treat the internal audit as a "checkbox exercise" to satisfy ISO 9001, you are wasting resources. The goal is to find the cracks in the foundation before the external auditor (or the customer) finds them.

The Auditor's Mindset: Fact Finder, Not Fault Finder

An audit is not an interrogation; it is a sampling exercise to verify conformity. The auditor's authority comes from the standard, not their title.

Independence Logic:

If you manage the process → Then you cannot audit the process. Conflict of interest invalidates the result.
If the auditor reports to the Production Manager → Then the audit is compromised. Auditors must have a direct line to Quality Leadership.

The "Show Me" Rule:

Stop accepting verbal assurances.

Auditee: "We always calibrate the torque drivers on Mondays."
Auditor: "Show me the calibration log for the last three Mondays."
If the log is missing → Then it didn't happen. Write the finding.

Risk-Based Scheduling

Do not audit every department with the same frequency. Allocate resources where the risk lives.

Scheduling Logic:

If a process had a major CAR or Customer Complaint last quarter → Then increase audit frequency (e.g., from Annual to Quarterly).
If a process involves "Special Processes" (Soldering, Coating, Welding) where output cannot be verified by inspection → Then audit heavily.
If a department (e.g., HR) has been stable for 3 years → Then reduce frequency to minimum compliance levels.

Classifying Findings

Not all problems are equal. Use rigid definitions to prevent "argument creep" during the closing meeting.

Major Non-Conformance:

Definition: A total breakdown of a system requirement or a direct risk to the customer.
Example: No control plan exists for a new product line; Shipment of non-conforming product without a waiver.
Action: Immediate Management Review.

Minor Non-Conformance:

Definition: A single observed lapse in discipline that does not threaten the system's integrity.
Example: One document in a sample of 10 was unsigned; A calibration sticker fell off a bin.
Action: Fix within 30 days.

Opportunity for Improvement (OFI):

Definition: The process is compliant, but inefficient or risky.
Example: "Consider digitalizing this log to prevent handwriting errors."
Action: Optional implementation.

Final Checklist

Control Point	Critical Requirement	Risk Avoided
Independence	Auditor must not belong to the department being audited.	Conflict of Interest / Bias
Evidence	Findings based on Objective Evidence (Records, Photos) only.	Hearsay / Subjective Disputes
Frequency	Schedule driven by Risk and Past Performance.	Wasting time on stable processes
Closing	No surprises. All findings discussed before the final report.	Adversarial relationships
Follow-up	Verify effectiveness of CAPA, not just "closure."	Recurrent Findings

1.1 QMS Scope, Process Map & Mandatory Records

1.2 Documentation Control & Data Integrity

1.3 Change Control & Configuration Management (ECR/ECO/Deviation control)

1.4 Competence & Training Management (Skills Matrix)

1.5 Templates Pack: NCR, CAPA, Audit, Calibration, Incoming Report

2.1 ESD Control Program (ANSI/ESD S20.20)

2.2 MSD Handling & Storage (J-STD-033)

2.3 Shelf Life & Expiry Control: Chemical Integrity

3.1 APQP & PPAP

3.2 Material Compliance: RoHS, REACH, & Conflict Minerals

3.3 Failure Mode and Effects Analysis (FMEA)

3.4 Control Plan + Reaction Plan (Stop/Contain/Release Rules)

3.5 First Article Inspection (AS9102)

3.6 Regulatory Compliance: The EMS Interface

4.1 Governance and Operating Model

4.2 Audits and Capability Verification

4.3 The Incoming Inspection Plan (IQC)

4.4 Supplier Nonconformance (SCAR) Management

4.5 Supplier Corrective Action (SCAR/8D) + Effectiveness Check

4.6 Change Control and Deviations

5.1 Bare Board Inspection (IPC-A-600)

5.2 IPC-A-610 Classifications & Criteria

5.3 Cable & Harness Assembly (IPC/WHMA-A-620)

5.4 Box Build & Mechanical Assembly (IPC-A-630)

5.5 Cosmetic Inspection Standards (Visual Quality)

5.6 Rework & Repair (IPC-7711/7721)

5.7 Defect Taxonomy & Disposition Rules (Linked to MRB)

6.1 Measurement System Analysis (MSA / Gauge R&R)

6.2 Calibration Management

6.3 Equipment Validation (IQ/OQ/PQ)

6.4 Inspection Method Validation (AOI/X-Ray/ICT/FCT Correlation)

7.1 Statistical Process Control (SPC): Cp & Cpk

7.2 Operational Metrics: FPY, RTY, CoQ & Review Cadence

7.3 Test Process Quality (ICT/FCT & Retest Limits)

7.4 Layered Process Audits (LPA)

8.1 NCR Workflow: Detect, Quarantine, Disposition, Close

8.2 Internal MRB & Quarantine Discipline

8.3 Root Cause Analysis (RCA) & CAPA

8.4 Containment Playbook: Suspect Lots, Line Stop Triggers & Escape Handling

8.5 RMA Processing & Field Failure Analysis

9.1 Internal Systems Audits (ISO 19011)

9.2 Hosting the Customer Audit

9.3 Audit Program: Annual Plan, Checklist Library & Evidence Index

9.4 The Quarterly Business Review (QBR) & Quality Strategy

9.1 Internal Systems Audits (ISO 19011)

The Auditor's Mindset: Fact Finder, Not Fault Finder

Risk-Based Scheduling

Classifying Findings

Final Checklist