Last Updated on September 25, 2025 by Melissa Lazaro

ISO/IEC 17043:2023 Internal Audit Checklist

If you’re a PT provider or quality manager working under ISO/IEC 17043:2023, you already know internal audits are mandatory. But here’s what I’ve noticed after supporting dozens of labs: too many teams either reuse outdated checklists or run internal audits that don’t truly evaluate the full system.

And here’s the problem with that—internal audits are your first (and best) chance to catch issues before your assessor does.

The updated ISO/IEC 17043:2023 places more emphasis on risk-based thinking, impartiality, statistical evaluation, and clear documentation. If your audit doesn’t align with those changes, you may miss critical gaps.

In this guide, I’ll walk you through how to build and use a complete internal audit checklist that actually helps—not just one that satisfies a requirement on paper.

Why Internal Audits Are Critical Under ISO/IEC 17043:2023

They’re not just for compliance—they’re your early warning system

Clause 8.5.1 of ISO/IEC 17043:2023 requires PT providers to conduct internal audits at planned intervals to verify that the management system continues to meet:

• The laboratory’s own requirements
• ISO/IEC 17043:2023 requirements
• Accreditation body expectations

A good internal audit does more than confirm checkboxes. It shows you where your system might fail, where documentation is unclear, or where procedures aren’t followed consistently.

Example:
One PT provider I worked with passed their external audit cleanly—because their internal audit had already uncovered and corrected issues with test item stability documentation. No surprises. No scrambling. That’s the power of a real audit.

Getting Ready for the Internal Audit

Before you begin, make sure a few things are in place:

1. Assign a qualified auditor

They should be:

• Trained in ISO/IEC 17043
• Competent in auditing
• Independent of the area being audited

2. Build your audit plan

Outline:

• What will be audited (e.g., structural requirements, a specific PT scheme)
• When it will be audited
• Who will perform the audit
• What documents and records are needed

3. Notify staff

This helps reduce resistance and ensures cooperation. Internal audits should be seen as support, not punishment.

The Clause-by-Clause Internal Audit Checklist

The easiest way to make sure you’ve covered all requirements? Align your checklist directly to the structure of ISO/IEC 17043:2023.

Here’s how to break it down:

Section 4: General Requirements

• Is impartiality maintained in all aspects of PT planning, evaluation, and reporting?
• Is there a documented statement on confidentiality?
• Are risks to impartiality identified and addressed?

✔ Compliant ☐ Partial ☐ Noncompliant | Notes: ____________________

Section 5: Structural Requirements

• Does the PT provider have a legal identity?
• Is the organizational structure clearly defined?
• Are roles and responsibilities documented?

✔ Compliant ☐ Partial ☐ Noncompliant | Notes: ____________________

Section 6: Resource Requirements

• Are personnel competent and authorized to carry out assigned tasks?
• Are training and qualification records maintained?
• Is equipment used in PT properly maintained and calibrated?

✔ Compliant ☐ Partial ☐ Noncompliant | Notes: ____________________

Section 7: Process Requirements

7.2 Planning

• Is each PT scheme planned based on technical requirements and participant needs?
• Are risks associated with the scheme identified?

7.4 PT Item Production

• Is the process for preparing PT items controlled and documented?

7.5 Homogeneity and Stability

• Are homogeneity and stability assessments performed?
• Is statistical evaluation documented and traceable?

7.6 Data Handling and Statistical Design

• Are evaluation methods appropriate and justified?
• Are outliers managed according to defined rules?

7.9 Communication with Participants

• Are participants informed about schedules, instructions, and changes?
• Are communications documented and traceable?

7.11 Complaints and Appeals

• Is there a procedure for handling complaints?
• Are records of actions taken maintained?

✔ Compliant ☐ Partial ☐ Noncompliant | Notes: ____________________

Section 8: Management System Requirements

8.2 Document Control

• Are all procedures, forms, and policies controlled?
• Are obsolete documents removed from use?

8.3 Records Control

• Are records stored securely and retrievable?
• Are retention times defined?

8.5 Internal Audits

• Is there an internal audit schedule?
• Are all areas of the standard covered over time?

8.6 Corrective Actions

• Are nonconformities documented and investigated?
• Are root causes identified and addressed?

8.7 Management Review

• Is a management review conducted regularly?
• Does it include audit results, risks, complaints, and improvements?

✔ Compliant ☐ Partial ☐ Noncompliant | Notes: ____________________

How to Document Your Findings

Once you’ve completed your audit checklist, summarize your findings in a clear, readable report. Include:

• Areas of full compliance (✅)
• Observations or partial findings (⚠️)
• Nonconformities (❌)
• Opportunities for improvement (💡)

Then link each nonconformity to your Corrective Action process. Make sure it goes through investigation, root cause analysis, correction, and verification.

Example:
One lab used a simple Google Sheet for their findings. Each item had columns for clause, issue, responsible person, deadline, and status. It became their action tracker and helped drive continuous improvement.

Pro Tips for a Stronger Internal Audit Process

• Reference the 2023 clause numbers in your reports
  It shows clarity and makes it easy for assessors to track your system against the standard.
• Audit at least one full PT scheme per year
  Don’t only focus on procedures—review actual scheme files to see how policies are applied in practice.
• Use previous findings and complaints to guide your scope
  Target weak spots. Internal audits are most useful when they’re focused and relevant.
• Include a column for “Evidence Reviewed” in your checklist
  This makes your audit more defensible and helps with training new staff or auditors.

Common Mistakes to Avoid

Using a generic ISO 17025 checklist

ISO/IEC 17043 has PT-specific requirements that are often missed when you recycle another standard’s audit tool.

Not auditing technical activities

Make sure your audit covers statistical evaluation methods, scheme planning, and test item validation—not just general QMS processes.

Forgetting to review risk-based decisions

The 2023 version puts more weight on documented risk thinking. If it’s not in your audit, it’s a red flag.

Treating the audit like a checkbox exercise

If you just “fill the form” and move on, you’re missing out on improvement opportunities.

FAQs

How often should we conduct internal audits under ISO/IEC 17043:2023?
At least once per year, covering all elements of the standard across a rolling cycle. Some labs do smaller audits quarterly to stay on track.

Can internal staff conduct the audit?
Yes, if they’re competent, trained, and independent of the process they’re auditing. No conflict of interest allowed.

What if a clause doesn’t apply to us?
Mark it “Not Applicable,” but explain why. For example: “No subcontracted activities” or “Only one PT scheme offered.”

Don’t Wait Until Audit Day

A strong internal audit doesn’t just prepare you for assessment—it protects your PT scheme, your participants, and your reputation.
And here’s the thing: it doesn’t need to be complicated. What it needs is structure, consistency, and purpose.

Start with a solid checklist. Update it to match ISO/IEC 17043:2023. And treat the audit as a tool for real improvement—not just compliance.

Want to save time?
I’ve created a downloadable ISO/IEC 17043:2023 Internal Audit Checklist (Excel/PDF) — organized clause by clause, with space for evidence, findings, and actions.

Need help reviewing your system?
Schedule a walkthrough with our team. We’ll help you build a tailored audit process that actually works.

Because the goal isn’t just passing an audit—it’s running a better, stronger PT program.