IMS Audit Checklist To Secure ISO Certification [Free Download]

If you’re preparing for an audit, your IMS audit checklist is the most useful tool you can have. It helps you track exactly what your business needs to do to meet ISO standards and secure ISO 9001 certification in Australia. You save time, avoid guesswork, and make sure nothing gets missed.

This article walks you through what an Integrated Management System (IMS) is and why aligning with ISO 9001, ISO 14001, and ISO 45001 matters for your business. You will understand the purpose behind the checklist, who it’s designed for, and what you gain from using it. Then, you will learn how to prepare properly for an IMS audit, how the checklist is structured, and how to conduct the audit step by step. You will also get a free, downloadable IMS audit checklist to apply directly to your system.

If your goal is certification, you need to get your audit process right. Start with the right checklist. Start here.

What is an Integrated Management System (IMS)?

An Integrated Management System (IMS) allows your business to manage quality, environmental, and workplace health and safety requirements under one framework. Instead of operating three separate systems for ISO 9001, ISO 14001, and ISO 45001, you combine them into a single, streamlined approach. This improves coordination, cuts duplication, and helps your business meet obligations with less effort and fewer mistakes.

The three core standards—quality management, environmental responsibility, and occupational health and safety—form the foundation of most IMS requirements. Aligning with them helps you meet legal obligations, manage risks, improve customer satisfaction, and create a safer workplace.

Meeting these standards shows your commitment to doing things right across all operations. It also builds trust with clients, regulators, and suppliers.

The IMS audit checklist is a practical tool for internal reviews. It helps you prepare for certification, stay compliant, and track what still needs attention. Each item links to a standard requirement, making it easier to confirm that your processes match both the standards and your business commitments.

You can also use the checklist to record findings, assign actions, and monitor progress. Regular audits catch issues early, keep records accurate, and ensure procedures are followed. They also support continuous improvement by revealing trends and risks.

Audits give clear feedback on what works and what needs attention. That helps your team focus efforts and stay ready for certification.

How to Prepare for an IMS Audit

Effective preparation sets the stage for a smooth audit. When you define your system scope, keep documents in order, and involve the right people, you reduce stress and avoid surprises.

Start by listing the ISO standards relevant to your business—typically ISO 9001 (quality), ISO 14001 (environment), and ISO 45001 (health and safety). Identify the laws and regulations that apply to your industry, operations, and location. Your system must show how you meet both standard and legal requirements. Review your registers, permits, licences, and applicable codes of practice.

Define the scope of your integrated management system. Include locations, departments, services, and activities. Justify any exclusions. Your scope should reflect your actual operations to help auditors focus and avoid confusion.

Gather the records and procedures that support your system—policies, manuals, registers, risk assessments, training records, and procedures. Ensure each document is current, approved, and version-controlled. If you’re using management system software, it should store and track all documents.

Assign auditors who understand your processes and can assess them objectively. Avoid self-audits. Train auditors in ISO standards and internal procedures. Good auditors ask clear questions, observe work practices, and report without bias. Their input can uncover issues before certification audits.

Set an audit date that allows for proper preparation. Create a schedule that lists what will be audited, when, and by whom. Notify staff in advance, especially if access to specific areas or records is required. Make sure key people are available to explain their processes.

Use your IMS audit checklist to stay on track. It helps you cover all requirements and avoid missed steps.

How to Structure an IMS Audit Checklist

A well-structured audit checklist helps your business assess compliance with ISO standards and legal requirements. It should follow the logical flow of an audit and account for cross-functional risks that affect quality, environment, and health and safety.

Start by listing the main clauses from ISO 9001, ISO 14001, and ISO 45001. These standards share the same structure, with clauses numbered from 4 to 10. Use these as your checklist framework: Clause 4 (Context), Clause 5 (Leadership), Clause 6 (Planning), and so on. Under each clause, write clear, requirement-based questions.

Add columns to show which standards each item applies to. This helps you identify overlaps—for example, incident reporting may relate to all three standards. Highlighting these links reduces duplication and demonstrates that your system works as one.

Prioritise high-risk areas. Focus on processes with past nonconformities, complex controls, or legal obligations. Ask how risks are identified, managed, and reviewed. Include checks for controls, records, and corrective actions.

This structure gives your internal audits clarity, consistency, and focus. It connects your day-to-day operations to ISO requirements and makes your integrated management system easier to assess.

1. Clause 4 – Context of the Organisation

Before building or auditing any part of an IMS, you must understand the environment you work in, both inside and out. This forms the foundation of the entire system. It shapes how you manage risks, plan actions, and deliver on your objectives.

The IMS audit checklist tests whether your organisation has laid this groundwork properly. Each of the following points should be clearly defined and supported by evidence.

Have external issues that are relevant to the organisation’s purpose, the achievement of customer satisfaction, and the organisation’s strategic direction been determined?

Start by examining what’s happening outside your business. This includes the legal, economic, environmental, and social conditions that affect your work. For example, if your business relies on imported materials, global supply disruptions are a key external issue. If you work in construction, regulatory changes can shift your priorities overnight. These must be documented and reviewed regularly.

Have internal issues that affect the intended outcomes of the management system been identified and documented?

Look inward. Internal issues might involve staffing levels, ageing equipment, financial stability, or organisational culture. These influence your ability to meet your objectives. You must record them and keep them up to date as your business evolves. They help shape risk assessments, planning, and resource decisions.

Are the needs and expectations of relevant interested parties determined, monitored and reviewed?

Customers, staff, suppliers, regulators, and shareholders all have expectations. Some are legal obligations. Others are tied to quality, safety, or environmental concerns. You must identify who matters, what they expect, and how you will meet those expectations. Then you need to check in and review those needs over time.

Has the scope of the IMS been established based on strategic direction, products, services, and compliance obligations?

You must draw clear boundaries. The scope of your IMS defines what parts of your business it covers. It must reflect your current services, operations, and compliance duties. For example, if your business operates across multiple sites, the scope should state whether the system applies to all locations or only specific ones. This clarity avoids gaps and confusion during an audit.

Are the processes required for the IMS defined, sequenced, and interacting appropriately?

An IMS is not just a collection of documents. It is a set of connected processes. Each must be described, understood, and placed in the right order. You need to show how they work together. For example, your purchasing process should link to supplier evaluation. Your project planning must inform your risk assessments. This is what makes systems consistent and repeatable.

Using the best IMS software in Australia can make these tasks simpler, especially for businesses juggling multiple standards. A well-built system helps you manage complexity without missing critical links. When you address Clause 4 properly, your business builds a clear, reliable base for everything else the standard requires.

2. Clause 5 – Leadership

Strong leadership anchors every integrated management system. Without direction from the top, policies remain words on paper. Clause 5 examines whether those in charge have taken responsibility and led from the front. The IMS audit checklist checks for real, visible involvement.

Here’s what this clause requires you to demonstrate:

Has top management demonstrated leadership and commitment to the IMS through active involvement and resource provision?

Top management must take ownership. They must provide clear support, allocate time, assign staff, and ensure resources meet system needs. This includes being present in meetings, reviewing results, and driving improvements. If senior leaders only delegate tasks but never participate, the system stalls.

Is there an established and communicated policy that reflects quality, environmental and OHS commitments?

Your policy must exist, but more importantly, staff should understand it. The policy must match what you do. It should reflect your commitment to safety, the environment, and the delivery of quality work. Everyone in your business should be able to connect their role to this commitment.

Does the policy provide a framework for setting objectives and include commitments to satisfy requirements and improve the system?

A good policy forms the base for setting specific, measurable goals. It commits you to comply with legal and customer requirements. It also makes clear that you are improving your system, not just maintaining it.

Are roles, responsibilities and authorities clearly assigned, communicated and understood across all levels of the organisation?

People need to know what is expected of them. The IMS must make responsibilities clear—not just for workers, but also for supervisors, managers, and directors. You must show that these roles have been assigned and communicated. This avoids confusion and ensures accountability.

Is top management ensuring the integration of the IMS into business processes?

The system must not sit off to the side. It must link with daily operations. Your leaders must make sure that planning, resourcing, and decision-making are all part of the same structure that supports the system. When the IMS is integrated properly, you avoid duplication, reduce mistakes, and improve response time. These are just some of the benefits of integrated management systems.

Leadership sets the tone. If the system matters to the top of the organisation, it will matter to everyone else.

3. Clause 6 – Planning

This clause examines whether your business has taken practical steps to prepare for what might go wrong, what should go right, and what you aim to improve. The IMS audit checklist reviews how well you’ve structured these actions and whether they link directly to your objectives.

These are the areas to focus on:

Are risks and opportunities that can impact the IMS objectives and intended outcomes identified and addressed?

Identify what could help or hinder your goals. Risks may include equipment failure, supply delays, or regulatory changes. Opportunities could involve new markets or technologies. Your system must assess these, act on them, and review the outcomes. The goal is to protect and improve performance across quality, environment, and health and safety.

Are IMS objectives established at relevant functions and levels, measurable, monitored, and communicated?

Objectives should not sit with one department. They must apply across different teams and job roles. For each objective, define what success looks like, how to measure it, and how progress will be tracked. Staff need to understand the goals and see their part in achieving them.

Are planning activities in place to ensure objectives are achieved, including who is responsible and the timeframe?

Objectives without a plan are meaningless. Assign responsibility to specific people. Set timeframes that are realistic and clear. Document how progress will be checked. Use meeting agendas, progress reports, or software tools that tie actions to accountable staff. The steps must move you closer to your targets, not just tick boxes.

Is there a consistent process for managing planned changes to the IMS?

Change is constant. You must manage it with control, not guesswork. Use a structured method to plan changes. Assess how the change could impact your compliance, responsibilities, or risks. Update documents and train staff if required. The process should be repeatable and understood across the business.

Are environmental aspects, OH&S hazards, and compliance obligations identified and evaluated?

The system must cover your impact on the environment and the health and safety of your workers. Identify what your work affects—waste, emissions, noise, chemicals. Also, assess hazards that could cause harm. Then, link these with your legal obligations. This provides a foundation for action, whether through controls, training, or design changes.

Effective planning links ideas to actions. It makes the system real. It’s where the benefits of integrated management systems become clear—fewer surprises, stronger performance, and a clear path forward.

4. Clause 7 – Support

Clause 7 examines whether your business has the right people, tools and systems in place to keep the integrated management system effective. The IMS audit checklist reviews this by focusing on six core areas that keep everything running and aligned.

Are adequate and appropriate resources available to maintain and improve the IMS?

Resources are more than just budgets. They include equipment, infrastructure, software, time and support from leadership. You need to show that your business provides what is necessary to keep the system working and moving forward. This includes support for audits, training, risk assessments and internal meetings.

Are workers competent on the basis of education, training or experience to perform their roles?

You must appoint the right people and give them what they need to stay capable. Track qualifications. Review training records. Monitor if workers apply what they’ve learned. If someone is not competent, your system needs a plan to close that gap. That could mean formal training, mentoring, or supervised experience.

Is awareness of the IMS policy, objectives, and contribution to effectiveness established throughout the workforce?

Your workforce must understand what the system is for and how they contribute to it. This goes beyond posters or policies stuck on the wall. It means people can explain the key points of your policy, describe relevant objectives, and see how their work supports the system. Awareness needs to be active, not passive.

Are internal and external communications relevant to the IMS determined, implemented and reviewed?

Communication must be consistent and relevant. Internally, that means staff know what actions affect quality, safety and environmental performance. Externally, it includes suppliers, clients, contractors and regulators. Define who communicates what, when, how, and to whom. Review the process to check it’s still fit for purpose.

Is documented information properly controlled to ensure it is available, legible, and protected from loss or unauthorised change?

Your system relies on documents. Procedures, records, registers, checklists and forms must be clear, up to date and accessible to the right people. Keep them legible and protected. Paper or digital, they must be retrievable when needed. Restrict who can change them, and store backups to prevent loss.

Are changes to documented information reviewed and approved by authorised personnel before implementation?

Any change to a controlled document must go through a review and approval process. That prevents confusion and protects the integrity of the system. Assign approval rights to specific people. Keep records of who approved what and when. This avoids unauthorised edits that can affect safety, compliance or performance.

Support builds the backbone of your system. It gives your people what they need to do their jobs safely and correctly. Without it, even the best plans will collapse.

5. Clause 8 – Operation

Clause 8 focuses on the practical work your business carries out every day. This includes how you plan, deliver and manage services or products, and how you control risks and impacts. An IMS audit checklist reviews whether your processes are reliable, safe and aligned with your stated objectives.

Are processes for delivering products and services planned and controlled to meet requirements?

Planning comes first. You need to identify what is required, then establish clear and consistent methods to meet those requirements. That includes assigning responsibilities, using the right resources, following documented steps and checking outputs. The controls you apply should match the risks involved. This shows that you do not leave results to chance.

Are environmental and OH&S operational controls implemented and maintained, including emergency response plans?

You must identify the controls required to manage environmental impacts and workplace safety. Apply those controls in day-to-day operations. This might include handling hazardous substances, managing waste, or using protective equipment. Emergency plans must be documented, tested and kept up to date. Everyone should know what to do if something goes wrong.

Are product and service requirements clearly defined and reviewed prior to acceptance?

Before accepting any job, make sure you understand what the client needs. This includes technical specifications, compliance requirements and delivery expectations. Review the request before saying yes. Clarify anything that’s unclear. Document the agreed terms. This reduces the risk of delivering the wrong result or missing key steps.

Are outsourced processes controlled in accordance with defined criteria and evaluated for their impact on quality, environment, and safety?

You can outsource the work, but not the responsibility. Define which processes you outsource, then set criteria for how those processes must be carried out. Choose providers who meet your standards. Monitor their performance. This includes checking licences, insurances, qualifications, and past issues. Evaluate their impact on your overall objectives.

Are procedures in place to manage changes affecting operations, products, or services?

Changes happen often. New materials, updated machinery, revised procedures or staff turnover can all affect operations. You must manage change with care. Before you implement any change, assess the risk. Update related documentation. Inform the people involved. Verify that the change will not cause harm or reduce performance.

Strong operational control leads to consistent outcomes. It prevents incidents, manages change and delivers what you’ve promised. Keep these processes clear, practical and well-documented.

6. Clause 9 – Performance Evaluation

You cannot improve what you do not measure. Clause 9 asks whether your business checks how well its systems are working. It requires you to monitor performance, identify gaps, and act on findings. The goal is not just to spot problems but to build on strengths.

Are methods established to monitor, measure, analyse and evaluate the performance of the IMS?

You must set methods to track how your Integrated Management System (IMS) is performing. These methods depend on what you need to know. Choose what to measure, how often, who will do it and what tools they will use. Make sure the information is accurate and relevant. Use it to support decisions, spot issues early and confirm whether your objectives are being met.

Are internal audits conducted at planned intervals, covering all elements of the IMS, and based on risks and past performance?

Internal audits help you check whether your processes are working as intended. You need to audit all parts of the IMS, not just the obvious ones. Schedule audits based on the level of risk and your past results. A process with a history of problems or serious impacts needs closer attention. Use auditors who are trained, impartial and thorough.

Are nonconformities and opportunities for improvement identified and followed up during audits?

Audits should not just confirm compliance. They should also help you learn and improve. If an audit finds something that does not meet requirements, record it as a nonconformity. Decide what needs to happen next, assign responsibility and follow it through. You should also note what works well or could work better, even if it is not a formal problem.

Does management review include inputs such as audit results, objectives, performance trends, compliance, and opportunities for improvement?

Management reviews are more than a formality. Senior leaders must look at the evidence, not just listen to reports. This includes audit findings, how well you are meeting your objectives, any trends in safety, quality or environmental performance, and whether you are meeting legal and contractual requirements. You also need to consider where you can do better or where future risks might emerge.

Are outputs from management reviews documented and include decisions and actions related to changes and resource needs?

The review must produce clear outcomes that lead to measurable actions. If a process is underperforming, outline exactly what will be adjusted. This might involve revising procedures, setting new priorities, or shifting resources. Where gaps are identified, such as in staffing, equipment, or skills, assign someone to handle the issue and set a realistic timeframe. When a current approach is delivering strong results, agree on how to maintain or expand its use and define the steps to support that.

Record the discussion in full. Note the topic raised, the outcome agreed, the person taking responsibility, and the expected completion date. These notes show that your business is thinking ahead, addressing problems, and acting on opportunities. They also provide a reference for tracking progress and keeping your system focused between reviews.

A strong performance evaluation process tells you what is happening, why it is happening, and what to do about it. An IMS audit checklist uses these requirements to ensure your system is not just active, but effective.

7. Clause 10 – Improvement

Improvement is a regular process built into your management system. Clause 10 asks you to respond to problems, learn from patterns, and act before issues occur again. The IMS audit checklist helps confirm that these steps are visible in practice.

A business that uses improvement well does not just fix issues. It prevents them. It also makes smart changes that support its goals.

Are nonconformities identified, documented, investigated, and followed up with corrective actions?

You must have a clear process to deal with nonconformities. This includes problems found during audits, complaints, incidents, or legal breaches. You need to record the issue, find the cause, and take action to stop it from happening again. Without evidence of investigation and follow-up, auditors will mark this as a failure.

Is the effectiveness of corrective actions evaluated and recorded?

You must check that the action worked. A corrective action that does not fix the issue wastes time and creates risk. Keep records of how you evaluated the result. These records should link directly to the issue you corrected.

Are trends in complaints, audit findings, incidents, or legal non-compliance used to trigger improvement?

A single complaint may not say much, but a series of similar complaints should start a conversation. Your team needs to review data for trends and decide whether they signal a deeper issue. Your management system should help turn patterns into decisions.

Are there established processes for continual improvement of the IMS to enhance performance and achieve objectives?

Improvement is not only about fixing problems. It is also about finding ways to do things better. You need a system that encourages improvement in both everyday tasks and long-term planning. This may involve process updates, staff training, or better use of resources.

Are opportunities for preventive action identified and acted upon to avoid potential nonconformities?

Good systems don’t just react—they anticipate. When a risk or weakness is spotted early, take action before it becomes a nonconformity. These actions must be recorded and tracked. Preventive actions show that you are thinking ahead, not just catching up.

A strong approach to Clause 10 turns problems into plans. It uses the IMS audit checklist to make sure that improvement becomes part of the culture, not just a requirement.

Conducting the Audit

An audit needs structure. You must plan carefully, observe objectively, and report clearly. The outcome should show what was checked, what was found, and what needs action.

Begin with an opening meeting. The auditor confirms the objectives, scope, and method. Staff can ask questions and clarify expectations. This builds cooperation and avoids confusion. Base all findings on objective evidence and link them to clear requirements—internal procedures, ISO standards, laws, or customer needs. Each conclusion must be traceable.

Categorise each observation: compliant, non-compliant, or improvement suggested. This helps prioritise actions and avoids ambiguity. Close with a meeting to present results. The auditor explains the findings, their impact, and next steps. Everyone should leave with a clear understanding of what was found and what must happen next.

The IMS audit checklist captures all of this to support audits that lead to real improvements.

What To Do After the Audit

The audit process does not end with the closing meeting. What happens next determines whether the findings lead to real improvement.

Assign corrective actions for each nonconformity with a clear owner, deadline, and supporting evidence. Track progress and close actions only when verified. This shows commitment to resolving issues.

Update your risk register with any newly identified threats. A well-maintained risk register captures each risk with details such as its likelihood, impact, ranking, owner, and mitigation measures. It gives your business a clear view of where the greatest risks lie and helps prioritise action. Over time, it highlights trends and areas that need attention. The register should support clear decision-making and help your team manage risk as part of normal operations.

Revise procedures, training records, or maintenance logs as needed to keep your system accurate and aligned with ISO standards.

Share a summary of findings with senior management and relevant teams. Clear, factual communication supports decision-making and accountability. If required, provide updates to external stakeholders. Document lessons from the audit. Use them to improve your next audit plan and include them in your management review to avoid repeat issues.
