How to Write an ISO 9001 Management Review Agenda That Passes Audit

CertBetter

Team CertBetter

Why Your Management Review Agenda Is an Audit Target

The management review is one of those requirements that businesses either take seriously or treat as a box-ticking exercise. Auditors know the difference within minutes of sitting down. If your agenda is a one-page document that says “discuss quality issues” and your minutes show a 20-minute meeting with no decisions recorded, you have a problem. That problem will show up as a nonconformance.

Clause 9.3 of ISO 9001:2015 governs management review. It is specific about what inputs must be considered, what outputs must be produced, and who needs to be involved. Getting this right is not complicated, but it does require you to understand what the standard actually demands rather than what you think it demands.

This guide walks you through exactly how to structure a management review agenda that satisfies auditor expectations, creates genuine value for your business, and holds up under scrutiny at both Stage 2 and surveillance audits. If you are working through the broader certification process, the beginner's guide to ISO 9001:2015 provides helpful context on how Clause 9.3 fits into the full standard.

What Clause 9.3 Actually Requires

Before you write a single agenda item, you need to understand the three sub-clauses that make up Clause 9.3. They are not optional. Every single one needs to be addressed in your review.

Clause 9.3.1: General

Top management must review the QMS at planned intervals. The review must assess suitability, adequacy, effectiveness, and alignment with the strategic direction of the organisation. This means your CEO, Managing Director, or equivalent must be in the room or demonstrably involved. A quality manager running a meeting with no senior leadership present will not satisfy this requirement.

Clause 9.3.2: Management Review Inputs

This is where most businesses fall short. The standard lists specific inputs that must be considered. These are not suggestions. They are mandatory agenda items. The required inputs are:

  • Status of actions from previous management reviews
  • Changes in external and internal issues relevant to the QMS
  • Information on the performance and effectiveness of the QMS, including trends in customer satisfaction and feedback, quality objectives achievement, process performance and product or service conformity, nonconformities and corrective actions, monitoring and measurement results, and audit results
  • Adequacy of resources
  • Effectiveness of actions taken to address risks and opportunities
  • Opportunities for improvement

Each of these must appear on your agenda and must be addressed in your minutes with actual data or discussion, not just a tick in a box.

Clause 9.3.3: Management Review Outputs

Your review must produce documented outputs that include decisions and actions related to improvement opportunities, any need for changes to the QMS, and resource needs. If your minutes do not record specific decisions with owners and timeframes, you have not met this requirement.

For a deeper look at how leadership requirements connect to Clause 9.3, the guide to Clause 5 Leadership in ISO 9001 is worth reading alongside this article.

Common Mistakes That Cause Nonconformances

Having audited and consulted on ISO 9001 systems across dozens of organisations, we see the same mistakes come up repeatedly. Knowing them in advance saves you from finding out the hard way during a certification audit.

Agenda Items That Are Too Vague

Writing “discuss customer complaints” is not enough. Your agenda item should specify what data will be presented, by whom, and what the discussion is expected to address. Vague agenda items produce vague minutes, and vague minutes give auditors nothing to work with.

Missing Inputs

Businesses often cover customer satisfaction and nonconformances but forget to address changes in the context of the organisation, the adequacy of resources, or the effectiveness of actions taken on risks and opportunities. An auditor will go through the Clause 9.3.2 list one by one. If any input is not addressed, that is a finding.

No Evidence of Top Management Involvement

If your minutes show that only the quality team attended, the auditor will raise this. The standard requires top management to conduct the review. This does not mean they need to present every item, but they must be present and must be making decisions.

Outputs Without Owners or Timeframes

Recording “agreed to improve supplier performance” in your minutes is meaningless. Every action that comes out of a management review needs a responsible person and a due date. Without these, the output cannot be followed up at the next review, which is itself a required input.

Reviews Conducted Too Infrequently

The standard says “at planned intervals.” Most organisations conduct reviews annually, which is generally acceptable, though some auditors will expect more frequent reviews if your QMS is relatively new or if you have had significant nonconformances. Whatever interval you commit to in your documented procedures, you must stick to it.

How to Structure Your Management Review Agenda

Here is a practical agenda structure that covers all mandatory inputs and produces the outputs the standard requires. You can adapt this to your organisation's size and complexity.

Opening and Attendance

Record who attended, their roles, and the date and location of the meeting. Note apologies. This section establishes that top management was present and that the review was formally convened.

Item 1: Review of Previous Actions

Go through every action item recorded in the previous management review minutes. For each action, record whether it was completed, partially completed, or outstanding, and why. This directly addresses the Clause 9.3.2 requirement for the status of actions from previous reviews. If this is your first management review, note that there are no previous actions and move on.

Item 2: Context of the Organisation and Changes

This item addresses changes in external and internal issues that are relevant to the QMS. This could include changes in your market, new competitors, regulatory changes, changes to your organisational structure, new key personnel, or shifts in your strategic direction. Do not skip this item just because nothing significant has changed. Record that the context was reviewed and note any changes, or confirm that no material changes occurred.

Item 3: Customer Satisfaction and Feedback

Present data on customer satisfaction. This might come from surveys, Net Promoter Scores, repeat business rates, formal complaints, or informal feedback. Show trends over time where possible. A single data point tells an auditor very little. Three to four periods of data showing a trend tells a story and demonstrates that your system is monitoring performance over time.

Item 4: Quality Objectives Performance

Report on each quality objective. For each one, present the target, the actual result, and whether the objective was met. If an objective was not met, explain why and what action is being taken. This is one of the most scrutinised parts of the management review because it directly shows whether your QMS is effective.

Item 5: Process Performance and Product or Service Conformity

This item covers how well your key processes are performing and whether your products or services are meeting specifications. Use data from process monitoring, inspection records, or service delivery metrics. If you have key performance indicators for your processes, this is where you report on them.

Item 6: Nonconformities and Corrective Actions

Summarise nonconformances raised since the last review. Include internal nonconformances, customer complaints that resulted in corrective actions, and audit findings. Report on the status of corrective actions. Are they closed? Are they effective? Have any repeat nonconformances occurred? Repeat nonconformances are a red flag for auditors and need to be addressed with a clear explanation.

Item 7: Audit Results

Report on internal audit results and any external audit findings from your certification body. Summarise findings, observations, and opportunities for improvement raised. Note the status of any corrective actions arising from audits. If you want to make sure your internal audits are generating useful data for this agenda item, the article on how to run ISO internal audits that actually find problems is a practical resource.

Item 8: Supplier and External Provider Performance

Review the performance of your key suppliers and external providers. This might include on-time delivery rates, quality rejection rates, or the results of supplier audits. If supplier performance has been a source of nonconformances or customer complaints, this needs to be discussed in detail.

Item 9: Monitoring and Measurement Results

Present any other monitoring and measurement data not already covered. This might include equipment calibration results, environmental monitoring, or any other metrics your QMS uses to track performance.

Item 10: Risks and Opportunities

Review the effectiveness of actions taken to address risks and opportunities identified in your risk register. Have the risks been mitigated? Have opportunities been pursued? Has the risk profile of the organisation changed? This item directly addresses the Clause 9.3.2 requirement for the effectiveness of actions taken to address risks and opportunities.

Item 11: Resource Adequacy

Discuss whether the organisation has adequate resources to maintain and improve the QMS. This includes people, infrastructure, technology, and budget. If resources are insufficient, this is where you raise it and where top management must make decisions about resourcing.

Item 12: Opportunities for Improvement

This is a forward-looking item. What improvements does the team want to pursue in the next period? These might come from the data reviewed earlier in the meeting, from staff suggestions, or from benchmarking against industry peers. Each improvement opportunity discussed should either be assigned as an action or noted as deferred with a reason.

Item 13: Actions and Decisions (Outputs)

Before closing the meeting, formally record all actions agreed during the review. Each action must have a description, an owner, and a due date. This section is the documented output required by Clause 9.3.3. It is also what gets reviewed at the start of the next management review, so it needs to be complete and accurate.

What Your Minutes Need to Contain

The agenda is only half the story. Your minutes are the documented evidence that the review actually happened and that it covered everything it needed to. Here is what auditors look for in management review minutes.

First, the minutes must show that all mandatory inputs were addressed. An auditor will go through Clause 9.3.2 and check each input against your minutes. If an input is missing, the meeting may not have covered it, or the minutes were not recorded properly. Either way, it is a finding.

Second, the minutes must show actual data, not just statements that data was reviewed. Writing “customer satisfaction was discussed” is not evidence. Writing “customer satisfaction survey results for Q3 and Q4 showed an average score of 4.1 out of 5, down from 4.4 in the previous period. The team agreed this decline was linked to delivery delays from Supplier X and assigned a corrective action to the procurement manager” is evidence.

Third, the outputs section must be clear and complete. Every action needs an owner and a due date. The decision to make no changes to the QMS is itself a valid output, but it needs to be recorded as a deliberate decision, not an omission.

For reference on what constitutes proper documented information under ISO 9001, the guide to controlled documents provides useful background on how to manage and retain records like management review minutes.

Frequency and Timing of Management Reviews

Most businesses run management reviews once a year, typically before their annual surveillance or recertification audit. This timing is deliberate and sensible. It means the review data is current when the auditor arrives and the outputs are fresh.

However, once a year is the minimum for most organisations. If you are in a fast-moving industry, if your QMS is new, or if you have had a difficult year with significant nonconformances, consider running two reviews per year. Some organisations run quarterly reviews, particularly larger businesses or those in regulated industries.

Whatever frequency you commit to, document it in your QMS procedures and stick to it. Missing a scheduled review is a nonconformance in itself.

A Note on Evidence Retention

ISO 9001 requires you to retain documented information as evidence that management reviews were conducted. This means keeping your signed agenda, your minutes, and any supporting data presented at the meeting. ISO 9001:2015 Clause 9.3 does not specify a retention period, but most organisations keep management review records for the full three-year certification cycle at a minimum. Some keep them longer for continuity purposes.

Store your records in a location that is accessible to auditors. If your auditor asks to see management review records from the previous two years and you cannot locate them, that is a problem regardless of whether the reviews actually took place.

Getting Help With Your Management Review Process

If you are setting up your management review process for the first time, or if a previous audit has raised findings related to Clause 9.3, it is worth getting experienced input. The management review is one of those areas where a small amount of expert guidance upfront saves significant rework later.

The guide to ISO 9001 Clause 9 performance evaluation covers the broader context of how management review fits into your overall performance monitoring framework, which is useful reading if you want to make sure your review inputs are backed by solid measurement processes throughout the year.

If you are still in the process of choosing a consultant or certification body to help with your ISO 9001 journey, CertBetter can connect you with vetted ISO consultants and accredited certification bodies in Australia and globally. You submit one form and receive up to three competing quotes at no cost to you. It takes the guesswork out of finding someone who actually knows what they are doing.

Frequently Asked Questions

ISO 9001:2015 requires management reviews to be conducted at planned intervals. The standard does not specify a minimum frequency, but annual reviews are the most common practice and are generally accepted by auditors. Organisations with newer systems, significant nonconformances, or rapid change may benefit from more frequent reviews, such as twice per year. Whatever interval you commit to in your documented procedures must be followed consistently, as failing to conduct a scheduled review is itself a nonconformance.

Yes. ISO 9001 requires top management to conduct the management review. The standard defines top management as the person or group of people who directs and controls the organisation at the highest level. In most businesses, this means the CEO, Managing Director, or equivalent. Delegating the entire review to a quality manager without senior leadership involvement does not satisfy the requirement. Top management does not need to present every agenda item, but they must be present and must be making the decisions recorded in the outputs.

If an auditor identifies that one or more of the mandatory inputs listed in Clause 9.3.2 was not addressed in your management review, they will typically raise a nonconformance. Depending on the severity and the number of missing inputs, this could be a minor or major nonconformance. A minor nonconformance requires you to submit a corrective action plan and evidence of resolution. A major nonconformance can delay certification or result in suspension of your certificate if it occurs during a surveillance audit.

Yes, you can combine the management review with another scheduled meeting, provided the agenda and minutes clearly address all mandatory ISO 9001 inputs and outputs. The combined meeting must still demonstrate top management involvement and must produce documented outputs with actions, owners, and timeframes. If the minutes of the combined meeting do not clearly show that the ISO 9001 management review requirements were addressed, an auditor may raise a concern. It is safest to include a clearly labelled section in the minutes that maps to Clause 9.3.

There is no prescribed duration in the standard. A small business with a straightforward QMS might complete a thorough management review in 90 minutes. A larger organisation with multiple sites, complex processes, and significant data to review might need half a day. What matters is not the length of the meeting but the quality of the discussion and the completeness of the documented outputs. Rushing through a 20-minute meeting and producing minimal minutes is a common audit finding. Allow enough time to genuinely review the data and make informed decisions.

Best practice is to retain both the minutes and the supporting data presented at the review, such as quality objective reports, customer satisfaction data, audit summaries, and nonconformance logs. The minutes alone may not be sufficient if an auditor wants to verify the accuracy of the data discussed. Retaining supporting documents also makes it easier to prepare for future reviews by showing trends over time. Store all management review records, including agendas, minutes, and supporting data, in your document control system with a clear retention schedule.

Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.
