Audit Readiness Checklist
Download your audit readiness
Please fill out the form below to access your free audit readiness download.
About this audit readiness
Audits should never be a last-minute scramble. This audit readiness checklist gives operations teams a practical, repeatable way to prepare evidence, check standards on site, and run the audit day without relying on memory or manager relay.
It covers preparation checks, in-process controls, clear escalation criteria, and close-out actions — so you stop guessing and start knowing what’s ready, what isn’t, and what needs fixing first.
What this audit readiness checklist covers
- Preparation: scope, roles, timelines, and briefing the team
- Evidence readiness: version control, training records, mandatory logs, and traceability
- Site and process checks: what auditors spot quickly, and how to close gaps early
- Audit day controls: logging requests, managing sampling, and avoiding “best guesses”
- Escalation criteria: when to pull in compliance, H&S, HR, IT, or senior cover
- Close-out: owners, deadlines, root cause, and proof of closure
Who it’s for
This checklist is for frontline operations teams and managers preparing for internal audits, external audits, customer audits, and regulatory inspections. It’s especially useful across multi-site operations where consistency matters and evidence lives in more than one place.
How to use it on the frontline
Run the checklist in three passes:
- Before the audit: confirm scope, assign owners, and build a single evidence pack location.
- During the audit: log every evidence request with an owner and deadline, and answer questions with facts — not assumptions.
- After the audit: turn findings into actions with owners, dates, root cause, and verification evidence.
If you find gaps, do not hide them. Control them. Auditors are looking for how you manage risk and follow through — not whether your operation is magically perfect.
Common gaps this checklist helps you catch early
- Outdated SOPs still in use on site
- Training completed, but not evidenced or not role-mapped
- Mandatory checks done “in reality” but not recorded consistently
- Corrective actions logged, but no root cause or proof of closure
- Known issues that are not controlled, tracked, or escalated
Want to run audit readiness without the guesswork?
Ocasta replaces scattered documents and “have we done this?” messages with structured checklists, clear ownership, and real-time visibility. You get confidence on the day — and a cleaner trail of evidence afterwards.
Disclaimer: This checklist is for general guidance only and does not constitute legal, regulatory, health and safety, or professional advice. You are responsible for ensuring compliance with applicable laws, standards, and internal policies.
Included questions
Here's what's included in this audit readiness:
Audit scope and preparation (7)
Confirm what the audit covers, who is involved, and what “good” looks like before you start.
-
Dropdown
Which audit are you preparing for?
Pick the closest match so the right evidence and owners are clear.
-
Yes/No
Is the audit date and time confirmed?
If not confirmed, agree a deadline for confirmation and record who owns it.
-
Yes/No
Is the audit scope documented and shared with the site team?
Include locations, processes, time period, and any sampling method if provided.
-
Yes/No
Do you have the audit criteria or standard to be assessed against?
For example: policy set, customer requirements, regulatory checklist, ISO clause list.
-
Yes/No
Are audit roles assigned (lead, evidence owners, escorts, note-taker)?
Avoid “everyone owns it” — name individuals and cover breaks/shift changes.
-
Yes/No
Is the escalation contact list up to date?
Include compliance, HR, H&S, IT, facilities, and the senior on-call contact.
-
Yes/No
Has a pre-audit briefing been completed with the team?
Cover scope, timings, what evidence looks like, and how to handle questions.
Evidence and documentation readiness (7)
Make evidence easy to find, current, and consistent — without last-minute scrambling.
-
Yes/No
Is the document register (policies, SOPs, forms) current and accessible?
Check version control, owners, and review dates. Remove outdated copies from use.
-
Yes/No
Are critical SOPs available at the point of use?
Frontline teams should be able to find the right procedure in under 30 seconds.
-
Yes/No
Are training and competency records up to date for in-scope roles?
Include starters, refresher training, and any role-specific sign-offs.
-
Yes/No
Are mandatory checks completed and filed (with evidence) for the audit period?
Examples: daily checks, safety checks, temperature logs, cleaning logs, maintenance logs — as relevant to your operation.
-
Yes/No
Are incident records and corrective actions complete and traceable?
Each issue should show what happened, immediate action, root cause, fix, and verification.
-
Yes/No
Are supplier and contractor documents in place where required?
For example: insurances, qualifications, RAMS, service reports, SLAs, approval status.
-
Text
Where is the evidence pack stored?
Add the link/path and any access details. Keep it to one place where possible.
Site and process readiness checks (7)
Confirm the operation matches the documented standard — and fix gaps before they become findings.
-
Yes/No
Is housekeeping and presentation at standard across in-scope areas?
Focus on what auditors notice first: cleanliness, organisation, signage, and obvious defects.
-
Yes/No
Are safety controls in place and working (as applicable)?
Examples: PPE availability, fire exits clear, first aid kit stocked, spill kits, guarding, manual handling aids.
-
Yes/No
Are required posters and notices current and displayed?
Check versions, locations, and that they match your operation and risk profile.
-
Dropdown
What is the status of in-scope equipment maintenance?
Be honest. Auditors care more about control and follow-through than perfection.
-
Yes/No
Are known nonconformities logged and being tracked to closure?
If you know about it but cannot show control, it becomes a bigger problem.
-
Yes/No
Do spot checks show the process is being followed as written?
Pick 2–3 high-risk tasks and observe them. Look for shortcuts and workarounds.
-
Text
What are the top 3 readiness risks you’ve found today?
Write them plainly. This becomes your action list and escalation trigger.
In-process audit day controls (6)
Run the audit calmly and consistently. Capture requests, evidence, and follow-ups in the moment.
-
Yes/No
Has the opening meeting been completed and documented?
Confirm scope, timings, sampling approach, and any safety/site rules.
-
Yes/No
Is auditor access being managed (escort, areas, confidentiality)?
Make sure they see what they need — and that sensitive areas are controlled appropriately.
-
Yes/No
Are all evidence requests being logged with an owner and deadline?
Avoid verbal promises. Log each request and close it off with proof.
-
Yes/No
Are questions being answered with facts and evidence (not guesses)?
If you do not know, say you will confirm and come back with evidence.
-
Number
How many sample records have been checked during the audit?
Count what has been reviewed so far (e.g. training records, checks, maintenance, incidents).
-
Yes/No
Are potential findings being captured in real time with evidence?
Note the clause/requirement, what was seen, and any immediate containment action.
Escalation criteria (6)
Know when to pull in support. Escalating early prevents small issues becoming major findings.
-
Yes/No
Is there a risk of a major nonconformity or audit failure?
Examples: missing critical records, uncontrolled safety risk, evidence of repeated non-compliance.
-
Yes/No
Is any critical document or record missing for the audit period?
If yes, escalate immediately with what is missing, why, and the fastest recovery plan.
-
Yes/No
Has a safety or legal breach been identified?
Stop and escalate. Put immediate controls in place before continuing.
-
Yes/No
Is there a dispute or change in scope that needs senior input?
Examples: auditor requests out-of-scope evidence, confidentiality concerns, access restrictions.
-
Person
Who did you escalate to?
Select the person responsible for next steps and decisions.
-
Text
Escalation notes
What happened, what evidence exists, what immediate action was taken, and what is needed next.
Close-out and follow-up actions (7)
Turn findings into improvements you can prove. Close the loop with owners, dates, and verification.
-
Yes/No
Has the closing meeting been completed and documented?
Confirm findings, severity, and timelines. Clarify anything unclear before the auditor leaves.
-
Number
How many findings were recorded?
Include observations, opportunities for improvement, minor and major nonconformities.
-
Yes/No
Are corrective actions assigned with owners and deadlines?
No owner means no action. No deadline means no priority.
-
Yes/No
Has root cause been completed for each finding (not just a quick fix)?
Use a simple method (5 Whys is fine). Focus on what allowed the issue to happen.
-
Yes/No
Is evidence of closure defined for each action?
For example: updated SOP, training completion report, photo evidence, maintenance certificate, re-audit result.
-
Yes/No
Have lessons learned been shared with the wider team?
Share what changed, what matters, and how to avoid repeat issues — in plain language.
-
Signature
Audit readiness close-out sign-off
Confirms actions are logged and next steps are clear.