ISO 9001 Internal Audit Plan & Schedule Template (Free Excel Download)
Free ISO 9001 Internal Audit Schedule Templates
Annual schedule + individual audit plan, ready for your next audit cycle.
Excel format · ISO 9001:2015 Clause 9.2 compliant · Free, no email required
A template gets you organized. Software keeps you there.
Internal audit schedules are easy to build and hard to maintain. When your team grows or your audit scope changes, a spreadsheet doesn't update itself. Training Tiger keeps your audit-related training records current automatically — so you're always ready, not just prepared.
See how it works →The Two Documents Every ISO 9001 Auditor Expects
When an external auditor arrives for a surveillance or recertification audit, one of the first things they ask for under Clause 9.2 is evidence of your audit program. Most organizations think they have this covered because they have an audit checklist. They don't.
There are actually two distinct documents:
- 1.The Annual Audit Schedule (or Audit Program) — the high-level plan showing which processes and clauses will be audited, by whom, and when across the year. This is what satisfies Clause 9.2's “planned intervals” requirement.
- 2.The Individual Audit Plan — the scope, objectives, and schedule for a specific audit event. Used when you're conducting the audit itself.
The checklist is a third tool — it's what you use during each audit to gather evidence. You need all three. This article focuses on the first two, which are the ones most frequently missing when auditors ask for records.
What Clause 9.2 Actually Requires
ISO 9001:2015 Clause 9.2 states that the organization shall conduct internal audits at planned intervals to provide information on whether the QMS conforms to requirements and is effectively implemented.
The specific Clause 9.2.2 requirements for the audit program are:
| Requirement | What auditors look for |
|---|---|
| Planned intervals | Documented schedule showing all processes covered at least once per year |
| Importance of processes | Higher-risk processes (production, CAPA, customer complaints) audited more frequently |
| Previous audit results | Evidence that past findings influenced this year's audit frequency or focus |
| Objectivity | Auditors not auditing their own work (Clause 9.2.2d) |
| Report results | Audit findings reported to relevant management |
| Retain records | Documented information of audit program and results as retained records |
The standard does not require a specific format, nor does it mandate a minimum number of audits per year. It requires a planned, documented, and executed program that covers all processes. What that looks like in practice depends on your organization's size and complexity.
How to Build Your Annual Audit Schedule
Start by mapping your QMS processes to ISO 9001 clauses. Every process in scope needs to appear on the schedule at least once. For most manufacturing organizations, the typical audit areas and their primary clauses look like this:
| Process / Area | Primary Clauses | Suggested Frequency |
|---|---|---|
| Management & Planning | 4, 5, 6, 9.3 | Annual |
| Document & Records Control | 7.5 | Annual |
| HR, Training & Competence | 7.1, 7.2, 7.3 | Annual |
| Infrastructure & Work Environment | 7.1.3, 7.1.4 | Annual |
| Monitoring, Measurement & Calibration | 7.1.5, 9.1 | Annual |
| Production / Service Delivery | 8.1, 8.5, 8.6 | Semi-annual (high risk) |
| Customer-Related Processes | 8.2, 8.4 | Annual |
| Supplier Management | 8.4 | Annual |
| Nonconformance & CAPA | 8.7, 10.2 | Semi-annual (high risk) |
| Performance Evaluation | 9.1, 9.2, 9.3 | Annual |
Once you have your process list, assign each audit to a quarter — spreading them through the year rather than bunching everything before the external audit. External auditors will notice if all your internal audits happened in the 30 days before their visit.
Assign auditors based on competence and independence. The auditor must not audit their own work area. In small organizations, this sometimes means cross-training the quality manager to audit production, and the production supervisor to audit the quality management system documentation.
What the Template Includes
The download includes two tabs: the Annual Audit Schedule and an Individual Audit Plan.
Tab 1: Annual Audit Schedule
- ✓Process / Audit Area — What is being audited (department, process, or clause group)
- ✓ISO 9001 Clauses — Relevant clause numbers covered in this audit
- ✓Audit Scope — Brief description of what is in scope
- ✓Planned Date — Scheduled audit window
- ✓Auditor — Name of the internal auditor assigned
- ✓Audit Method — Document review, interviews, process observation, or combined
- ✓Actual Date — Filled in when audit is completed
- ✓Status — Planned / In Progress / Complete / Overdue
- ✓Findings — Number of major/minor nonconformities or observations
- ✓Notes — Any relevant context — previous findings, scope changes, etc.
Tab 2: Individual Audit Plan
The individual audit plan is the document prepared before each specific audit. It typically includes:
- ✓Audit Objective — What the audit is intended to determine
- ✓Audit Scope — Specific processes, locations, and time period in scope
- ✓Audit Criteria — Standards, procedures, and requirements being audited against
- ✓Audit Team — Lead auditor and any co-auditors
- ✓Auditee — Department or process owner being audited
- ✓Planned Activities — Document review, opening meeting, on-floor observation, closing meeting
- ✓Agenda / Timeline — Time blocks for each activity during the audit day
- ✓Resources Needed — Documents to review, areas to access, people to interview
Five Audit Program Mistakes That Become Findings
1. All audits in Q4
Bunching all internal audits in the quarter before your external audit is a pattern auditors recognize immediately. It suggests the audit program is reactive, not proactive. Spread audits across the year.
2. Not all clauses covered
If your schedule doesn't show coverage of clauses 4 through 10, you have a gap. External auditors review your schedule and check that every element of the standard was internally audited during the cycle.
3. Auditor auditing their own work
Clause 9.2.2(d) is explicit: auditors must not audit their own work. Assigning the quality manager to audit the quality management system documentation she wrote is a finding.
4. Schedule with no evidence of execution
Having a plan is not sufficient. You must have records showing the audits were actually conducted — completed checklists, audit reports, and documented findings. A schedule with all planned dates but no actual dates is a red flag.
5. No consideration of previous results
Clause 9.2 requires that the audit program take into account "results of previous audits." If you found nonconformities in production last year, production should appear with higher frequency or priority this year.
Where Training Tiger Fits In
The internal audit plan covers your audit schedule and process — but auditors also dig into your Clause 7 compliance during those audits. Specifically:
- ✓Clause 7.2 (Competence) — Can you show that personnel doing quality-impacting work have the required training and competency? Training Tiger gives you a live training matrix and completion records that auditors can review directly.
- ✓Clause 7.5 (Document Control) — Are your procedures and work instructions the current revision? Are employees trained on the latest version? Training Tiger tracks document revisions and links them to training assignments automatically.
- ✓Clause 9.2 (Internal Audit) — The audit program itself can be managed in Training Tiger using document control features to version-control your audit schedule and retain records of completed audits.
Stop managing compliance in spreadsheets
Training Tiger tracks document control, training records, and competency matrices automatically — so when your internal auditor asks for records, you can pull them in seconds instead of hours.
Start Free TrialFrequently Asked Questions
Does ISO 9001 require a specific number of internal audits per year?
No. Clause 9.2 requires audits at "planned intervals" but does not specify a number. The key requirement is that all QMS processes and all applicable clause requirements are covered within each audit cycle. Most organizations complete one full cycle per year. External auditors look for evidence that the program is systematic, not that it hits a quota.
Can a small company with one person handle internal audits?
Yes, but with constraints. A single-person quality department cannot audit themselves. Common solutions: train a supervisor or department head to conduct audits of the QMS documentation, hire an external consultant to audit specific areas, or participate in a shared audit program with a peer company (less common). External auditors understand small business constraints but still expect the objectivity requirement to be met.
What happens if we miss an internal audit that was scheduled?
Missing a scheduled internal audit is not automatically a nonconformity, but it becomes one if it means a process or clause goes uncovered for the full audit cycle. Document the reason for the delay and reschedule promptly. If an external auditor sees an incomplete audit program with no explanation or corrective action, expect a finding.
Do we need a qualified lead auditor to conduct internal audits?
ISO 9001 does not require a specific auditor certification for internal audits — it requires that auditors be "competent" and maintain "impartiality and objectivity." In practice, most organizations send at least one person through a CQA, ISO 9001 Lead Auditor, or internal auditor training course. Competence evidence is typically a training certificate plus documented audit experience.