IATF 16949 Internal Audit Checklist: What Every Quality Engineer Needs to Know
If you've ever been handed an IATF 16949 internal audit responsibility with two weeks' notice and a stack of unclear procedures, you know the feeling: where do you even start?
Internal audits are supposed to be a tool for improvement. In practice, they often turn into a compliance checkbox exercise - auditors asking "do you have this procedure?" instead of "is this process actually working?" That gap between what IATF 16949 demands and what most internal audit programs deliver is where most nonconformances come from at third-party certification audits.
This guide gives you a practical IATF 16949 internal audit checklist, explains the clauses that consistently trip up suppliers, and walks through how to run an audit that actually prepares you for surveillance and recertification visits.
What IATF 16949 Requires for Internal Audits
IATF 16949:2016 Clause 9.2 covers internal audits. The standard requires that you:
- Plan, establish, implement, and maintain an audit program
- Define audit criteria, scope, frequency, and methods
- Ensure auditor objectivity and impartiality (auditors cannot audit their own work)
- Report audit results to relevant management
- Take appropriate correction and corrective action without undue delay
- Retain documented information as evidence
The IATF adds a layer on top of ISO 9001: you must conduct audits against all requirements of IATF 16949, any applicable customer-specific requirements (CSRs), and your own QMS documentation. That last point catches a lot of people - your work instructions and control plans are fair game for audit findings.
IATF 16949 also requires three distinct audit types:
- QMS audits - against the standard's clauses
- Manufacturing process audits - against process-specific criteria (your control plans, process flows, PFMEAs)
- Product audits - verifying product meets customer requirements at defined stages
Most internal audit programs cover QMS audits reasonably well. Manufacturing process audits and product audits are where programs fall short.
IATF 16949 Internal Audit Checklist
Use this checklist as a starting point. Customize it for your customer-specific requirements (Ford Q1, GM BIQS, Stellantis STIP, etc.) and your own QMS documentation.
Section 1: Context of the Organization (Clause 4)
- Is the scope of the QMS documented and maintained?
- Are internal and external issues that affect quality objectives identified and reviewed?
- Are interested parties (customers, regulatory bodies, suppliers) and their requirements identified?
- Is the boundary of QMS certification clearly defined?
Section 2: Leadership and Quality Policy (Clause 5)
- Does top management demonstrate leadership by participating in management review and supporting the QMS?
- Is the quality policy communicated and understood at all levels (verify by asking floor employees)?
- Are quality objectives measurable, monitored, and linked to the quality policy?
- Is there a designated management representative for the QMS (note: IATF 16949 requires this, unlike ISO 9001)?
- Do customer representatives have defined authority and responsibility?
Section 3: Planning (Clause 6)
- Are risks and opportunities identified and addressed in the QMS?
- Are quality objectives established at relevant functions, levels, and processes?
- Is change management documented when changes to the QMS are planned?
Section 4: Support - Resources and Competence (Clause 7)
- Is there evidence of training records for all personnel performing quality-affecting work?
- Are competency requirements defined for each role?
- Are measuring and monitoring resources calibrated with records retained?
- Is the calibration status of equipment clearly marked or otherwise identifiable?
- Are MSA studies (Gauge R&R) current and acceptable for all critical measurement systems?
- Is documented information controlled, with version history and approval records?
Common finding: Calibration records exist but MSA studies are outdated or never performed for gages added after initial qualification.
Section 5: Operation - Product Realization (Clause 8)
This is where most IATF 16949 nonconformances live. Audit this section with your control plan in hand.
APQP and PPAP (8.3)
- Is the APQP process documented with defined deliverables at each phase gate?
- Are design FMEA (DFMEA) and process FMEA (PFMEA) current and reflecting the current design/process?
- Is there an approved PPAP on file for every externally produced part, at the correct submission level?
- Have any engineering changes been made since PPAP approval? If so, is there a resubmission or deviation approval from the customer?
- Are control plans linked to the PFMEA (i.e., controls address PFMEA detection methods)?
Common finding: PPAP was approved five years ago; since then, two machine replacements and a material supplier change occurred with no resubmission. The customer doesn't know.
Control Plans and Work Instructions (8.5)
- Is there a control plan for every production process and every incoming inspection operation?
- Do work instructions reference the control plan? Are they at the point of use?
- Are inspection frequencies, sample sizes, and reaction plans defined and followed?
- Are setup verification requirements defined and records retained (first-off part approval)?
- Is operator self-inspection defined in the control plan and actually performed?
Nonconforming Product (8.7)
- Is nonconforming product segregated and identified immediately?
- Are disposition decisions documented (scrap, rework, return to supplier, customer deviation)?
- Is there a process for managing suspect product in the event of a quality escape?
- Are customer notifications made within required timeframes when escapes occur?
Statistical Process Control (8.5.1)
- Are all characteristics identified as "SPC required" on the control plan actually being charted?
- Are control chart signals (out-of-control conditions) being responded to and documented?
- Is Cpk or Ppk calculated periodically and meeting the customer-required threshold (typically 1.67 for new processes, 1.33 ongoing)?
Common finding: SPC charts are posted on the line. No one is looking at them. Out-of-control points are ignored. This is a Major nonconformance.
Section 6: Performance Evaluation (Clause 9)
- Are customer satisfaction metrics being monitored (PPM, warranty, scorecards, CSR ratings)?
- Are internal audit results analyzed and trended?
- Is management review conducted at planned intervals with documented inputs and outputs?
- Are quality KPIs reviewed at management review? Do trends show improvement or is the team just noting the numbers?
Section 7: Improvement - CAPA (Clause 10)
- Is there a documented corrective action process?
- Are root cause analyses thorough (5-Why, Fishbone, or equivalent) or are they superficial?
- Are corrective actions verified for effectiveness after implementation?
- Are lessons learned from corrective actions fed back into the PFMEA and control plan?
Common finding: Corrective actions close on time in the system but effectiveness verification never happens. The same defect recurs six months later.
The Clauses IATF 16949 Auditors Always Dig Into
Based on common audit findings across automotive suppliers, these areas receive disproportionate third-party scrutiny:
1. Control Plan linkage to PFMEA. Auditors will pull your control plan and PFMEA and compare them column by column. If your control plan lists detection methods that don't correspond to your PFMEA detection rankings, that's a finding.
2. Competency records for key personnel. "Training required" lists that haven't been updated in three years, or new hires who were observed on the job but never formally signed off, are common sources of minor nonconformances.
3. Customer-specific requirements. The IATF 16949 certification body requires that you've identified all applicable CSRs and have evidence you're meeting them. Ford Q1, GM BIQS, Stellantis STIP, BMW GS-0004 - if your customer has published CSRs, you need a gap analysis against your QMS.
4. Internal audit program coverage. Auditors will check that your annual audit plan actually covers all clauses of the standard, all shifts (if applicable), and all processes - not just the easy ones. If your welding process hasn't been audited in 18 months, that's a process audit gap.
5. Management review input completeness. The standard specifies what must be reviewed. If your management review minutes don't show evidence of reviewing quality objectives, audit results, customer feedback, and supplier performance, you'll get a finding even if the meeting happened.
Running the Audit: Practical Tips
Start with the control plan, not the procedure. Walk the process with the operator. Ask them: "What defects are you looking for? How often do you check? What do you do if you find a bad part?" The answers will tell you more than any checklist.
Interview more than one person. A procedure can be written correctly and followed by one shift while the other shift does something completely different. If you audit on day shift only, you may miss systemic issues.
Look for linkage, not just existence. The PFMEA exists. The control plan exists. The work instruction exists. Do they tell the same story? All too often, a change is made in only one of them and never propagates to the others.
Cite the clause and your evidence in every finding. "IATF 16949:2016 Clause 8.5.1.1 requires..." followed by what you observed. Findings without evidence are useless for corrective action and will be challenged.
Grade your findings correctly. Major: absence of a required element or systemic breakdown of a process. Minor: isolated instance of a requirement not being fully met. OFI (opportunity for improvement): not a requirement, but a genuine recommendation. Misclassifying findings creates confusion and frustration with third-party auditors who see them later.
How QualityEngineer.ai Supports Audit Readiness
Audit findings most often trace back to document linkage failures: the PPAP was approved, but the PFMEA wasn't updated after a process change; the control plan references a gage that was replaced and never re-validated through MSA; corrective actions closed without feeding back into living documents.
QualityEngineer.ai is built around document cascade: your process flow feeds your PFMEA, which feeds your control plan. When a process change is made, the cascade flags the downstream documents that need review. The goal is that your documents stay in sync with your actual process, not with what your process looked like the day you got PPAP approval.
If you're preparing for a surveillance audit or recertification, the PPAP module also gives you a complete view of your submission status: which parts have approved PPAPs, which have had process changes since approval, and which are overdue for review.
You can explore the platform at app.qualityengineer.ai.
Summary
IATF 16949 internal audits are most useful when they look at how your processes actually work, not just whether your documentation exists. The areas that consistently produce nonconformances are control plan-to-PFMEA linkage, SPC implementation vs. paper compliance, PPAP currency after process changes, and corrective action effectiveness verification.
Use the checklist above as a foundation. Customize it for your CSRs and your processes. And run all three audit types: QMS, manufacturing process, and product.
