What is an ISO Internal Audit? The purpose of an internal audit is to assess the effectiveness of your organization’s quality management system and your organization's overall performance. Your internal audits demonstrate compliance with your ‘planned arrangements’, e.g. the Quality Management System (QMS) and how its' processes are implemented and maintained.
Contents
- Why perform Internal Audits?
- Principles of Internal Auditing
- Types of Internal Audit
- Use an Internal Audit Checklist
- Do We Need An Internal Audit Procedure?
- A Gap Analysis
- Preparing the Audit Report
- Getting the Most from the Audit Schedule
- Other types of Audit
- Internal Audit Templates - Checklist, Procedure
Your organization will likely conduct internal audits for one or more of the following reasons:
| ISO 9001:2015 | ISO 9001:2008 | Summary of Changes | ||
| 9.2 | Internal Audit | 8.2.2 | ISO Internal Audit | This requirement is unchanged from the requirements of ISO 9001:2008 Clause 8.2.2 – Internal Audit. |
Auditing relies on a number of principles whose intent is to make the audit become an effective and reliable tool that supports your company’s management policies and policies whilst providing suitable objective information that your company can act upon to continually improve its performance.
Adherence to the following principles are considered to be a prerequisite for ensuring that the conclusions derived from the audit are accurate, objective and sufficient. It also allows auditors working independently from one another to reach similar conclusions when auditing in similar circumstances.
The following principles relate to auditors.
Competence level may be measured by training, participation in previous audits and experience in conducting audits. Auditors may be external or internal personnel; however, they should be in a position to be impartial and objective.
When internal personnel are selected to perform an audit, a mechanism needs to be established to ensure objectivity, for instance, a representative from another department may be selected to do the audit.
Audits are demanding and require various forms of expertise. The size of the audit team will vary pending the size of the organization, size and type of operations and the scope of the audit.
Before the audit, prepare thoroughly! Spending time in preparation will make you much more effective during the audit - you will become a better auditor. Auditors should not skip this step as it provides much needed value to the audit. Taking the time to prepare and organize actually saves time during the audit.
You should have an up-to-date audit schedule and a well defined audit plan for each process. Be sure to communicate the audit schedule to all parties involved as well as to Top Management as this will help reinforce your mandate.
Gather together all the relevant documented information that relates to the process you will be auditing. Look at process metrics, work instructions, turtle diagrams, process maps and flowcharts, etc. If applicable, collect and review any control plans and failure mode effects analysis work sheets too. Review these thoroughly and highlight the aspects that you plan to audit. Using the documented information in this way ensures they become audit records.
Your organization’s documented information may not cover all of the requirements that may be relevant to the process. If certain information is not available, it may become your first audit finding, not bad for the pre-audit review!
Certain information and linkages should be audited. Some are required and some are simply good audit practice. Putting these sections into a worksheet format gives auditors a guide to follow, to ensure the relevant links are audited.
Good auditors realize very early on that they are dealing with personalities as much as processes and systems. Whilst the intent of the audit a serious one, often light humor, politeness and diplomacy are the best ways to build rapport. It is vital every effort is made to reassure those being audited that the audit’s primary function is to drive improvement, not to name and shame.
If you are new to auditing, acknowledge this fact, be open and honest. It is also important to explain to the auditees that they are free to express their views during the audit. Remember that you, the auditor, are also there to learn.
Always discuss the issues you have identified with the auditees and always provide guidance on what is expected in terms rectifying any non-conformances or closing out observations you raised. Let the auditees know they are welcome to read your notes and findings; the audit is not a secret.
Try not to be drawn into arguments concerning your observations. It is never appropriate to directly name people in the audit report as this may lead to defensiveness which is ultimately counter productive.
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
Source: International Professional Practices Framework (IPPF), The Institute of Internal Auditors Research Foundation. Florida, USA, January 2011
Internal audits are commonly referred to as ‘first-party audits’ and are conducted by an organization to determine compliance to a set of requirements which might arise from standards like ISO 9001:2015, as well as customer or regulatory requirements.
There are common methods of internal auditing that may be used to determine compliance:
The system audits are best undertaken using the internal audit checklist. This type of audit focuses on the organization’s quality management system as a whole, and compares the planning activities and broad system requirements to ensure that each clause or requirement has been implemented.
The process audit is an in-depth analysis which verifies that the processes comprising the management system are performing and producing in accordance with desired outcomes. The process audit also identifies any opportunities for improvement and possible corrective actions. Process audits are used to concentrate on any special, vulnerable, new or high-risk processes.
The product audit may be a series of audits, at appropriate stages of design, production and delivery to verify conformity to any specified product requirements, such as dimensions, functionality, packaging and labeling, at a defined frequency.
So, how is an audit conducted?
An internal audit checklist will help you to determine the extent to which your organization’s quality management system conforms to the requirements by determining whether those requirements have been effectively implemented and maintained. The internal audit tool will help you to assess the status of your existing management system and identify process weakness to allow a targeted approach to prioritizing corrective action to drive improvement.
The internal audit checklist is just one of the many tools which are available from the auditor’s toolbox that helps to ensure each internal audit addresses the necessary requirements. It stands as a reference point before, during and after the audit process and if developed for a specific audit and used correctly will provide the following benefits:
The internal audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 9001:2015, each requirement is phrased as a question.
Yes, we recommend you document an Internal Audit Procedure - this addresses two of the ISO 9001 clauses - Performance Evaluation and Improvement. It will greatly help you with the process of auditing and internal audit management.
The purpose of this procedure is to define your organization’s process for undertaking QMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of the quality management system and its compliance to ISO 9001:2015.
This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records.
Our Control of Internal Audits Procedure includes:
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our Internal Audit Checklist.
The gap analysis will likely be your first ISO 9001:2015 internal audit. The gap analysis checklist highlights the new requirements contained in ISO 9001:2015 but it not intended to cover all of the requirements from ISO 9001:2015 comprehensively.
The unique knowledge obtained about the status your existing quality management system will be a key driver of the subsequent implementation approach. Armed with this knowledge, it allows you to establish accurate budgets, time-lines and expectations which are proportional to the state of your current management system when directly compared to the requirements of the standards.
Your organization may already have in place an ISO 9001:2008 compliant quality management system or you might be running an uncertified system. If this is the case, you will want to determine how closely your system conforms to the requirements ISO 9001:2015.
The results of a gap analysis exercise will help to determine the differences, or gaps, between your existing management system and the new requirements. Not only will the analysis template help you to identify the gaps, it will also allow you to recommend how those gaps should be filled.
The gap analysis output also provides a valuable baseline for the implementation process as a whole and for measuring progress. Try to understand each business process in the context of each of the requirements by comparing different activities and processes with what the standard requires. At the end of this activity you will have a list of activities and processes that comply and ones that do not comply. The latter list now becomes the target of your implementation plan.
Take a look at our Gap Analysis Checklists.
A good summary report is the output which is the value of the audit. It deserves an appropriate amount of attention and effort. As you moved through the audit, you should have noted the issues and improvements you saw. These should have been marked clearly so you are now able to quickly review and capture them as you write the report.
These findings and conclusions should be formally documented as part of the summary report. Too often, the audit report only recites back facts and data the managers already know. The value is in identifying issues and opportunities they do not know! This summary should be reviewed first with the lead auditor, then the Process Owner and Management Team. Make final revisions and file the audit report and all supporting audit materials and notes.
Gather the whole audit package together, in an organized manner. The rest of the work instructions, flowcharts, notes and relevant papers should be gathered into the audit package as supporting records. All findings should also be documented on your corrective action forms. The audit summary and the corrective action forms should be attached to the audit package, which now becomes the audit record. Only the summary report and corrective actions need be given to the process owner.
These basic audit questions will help guide the audit in the right direction since the answers they provide often unlock the doors to information the auditor requires in order to accurately assess the particulars of a process.
Consider these common audit questions:
The audit schedule is divided up to reflect each section of ISO 9001 You should determine which of these sections are of greatest relevance to your business; in other words, which processes, should there be problems, will affect your customers the most. These are the processes that your company must make certain remain stable and consistent. You might wish to schedule these key processes for additional audits, perhaps two or even three times per year.
The audit schedule provides the following benefits:
You do not need a 'Certified Auditor' to undertake internal quality audits of your management system and its processes.
Certified Auditors normally work for external, third-party accreditation bodies such as DNV, UKAS, LRQA, who will perform the Certification Audit, that is, assess your organization's management system against the requirements of ISO 9001 and provide your certificate of compliance. They will also conduct Surveillance Audits to ensure that your certification is maintained. They would not be involved in day-to-day internal auditing operations.
Internal Auditors can be people from within your organization who posses the necessary competence and impartiality to undertake internal audits in order to ensure effective operation of your organization's processes. The Internal Auditors often report to the Quality Manager.
Internal Auditing & Gap Analysis
- Internal Audit Explained
- The Complete Guide to Preparing for your ISO 9001 Certification Audit
- How Can an Internal Audit Checklist Template Help Me?
- How to do a Gap Analysis for ISO 9001 (in 6 steps)
- How Can an Internal Audit Procedure Help Things Run Smoothly?
- Internal Audit Checklist - Everything You Need To Know
Updated 15th December 2019
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard
Don’t Try to Manage It All Alone!
Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.
Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your internal audits without missing a single input or output.
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.
| Standard | ||||
Internal Audit Checklist The Occupational Health and Safety Assessment Series ISO 18001:2007 audit checklist will help ensure your audits address the necessary requirements. It stands as a reference point before, during and after the audit process. OHSAS 18001 is no longer in date, it has been superseded by ISO 45001 - but this will give you a very good idea of what you will get when you buy an Internal Audit Checklist. |
OHSAS 18001:2007 |
$0 | free download | |
Control of Internal Audits Procedure - view sample The purpose of this procedure is to define your organization’s process for undertaking QMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of the quality management system and its compliance to ISO 9001:2015. This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:
|
ISO 9001:2015 |
$19 USD | add to cart | |
Internal Audit Checklist - view sample The audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements. It stands as a reference point before, during and after the audit process and if developed for a specific audit and used correctly will provide the following benefits:
This audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 9001:2015, each required is phrased as a question. This audit checklist may be used for element compliance audits and for process audits. 305 Audit Questions, 78 pages. - Context of the Organization |
ISO 9001:2015 |
$39 USD | add to cart | |
Internal Audit, Non-Conforming & Corrective Action Tracker - view sample
Use the internal audit tracker to collate, summarize and communicate internal audit result data. For easier reporting and interpretation, the automatic charts show overall conformity to the main clauses, as well as the types and ratios of nonconformity within the requirements. The tracker is not a strict requirement in ISO 9001:2015 but it will help to substantiate your audit programme and to introduce risk based thinking into your audit process. |
ISO 9001:2015 |
$39 USD | add to cart | |
Internal Audit Template, First Time Implementation Everything you need to perform an internal audit for the first time. 3 Checklists, including Internal Audit Checklist (as above) - view sample
Plus:
Everything you need to learn to become an auditor for implementing ISO 9001:2015 for the first time. |
ISO 9001:2015 | $97 USD |
add to cart | |
Internal Audit Template, Transition from ISO 9001:2008 Everything you need to perform an internal audit transitioning from ISO 9001:2008 to ISO 9001:2015. 5 Checklists, including Internal Audit Checklist and Gap Analysis Checklist
Plus:
Everything you need to learn to become an auditor for ISO 9001:2015. |
ISO 9001:2015 | $137 USD | add to cart | |
Control of Internal Audits Procedure - view sample The purpose of this procedure is to define your organization’s process for undertaking EMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of our environmental management system and its compliance to ISO 14001:2015. This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:
|
ISO 14001:2015 |
$19 USD | add to cart | |
Environmental Internal Audit Checklist- view sample The audit checklist stands as a reference point before, during and after the internal audit process. 186 Audit Questions, 41 pages. - Context of the Organization |
ISO 14001:2015 |
$39 USD | add to cart | |
Internal Audit, Non-Conforming & Corrective Action Tracker - view sample
Use the internal audit tracker to collate, summarize and communicate internal audit result data. For easier reporting and interpretation, the automatic charts show overall conformity to the main clauses, as well as the types and ratios of nonconformity within the requirements. The tracker is not a strict requirement in ISO 14001 but it will help to substantiate your audit programme and to introduce risk based thinking into your audit process. |
ISO 14001:2015 |
$39 USD | add to cart | |
Environmental Internal Audit Template, First Time Implementation Everything you need to perform an internal audit for the first time. 1 Checklist, Internal Audit Checklist (as above) - view sample
Plus:
Everything you need to learn to become an auditor for implementing ISO 9001:2015 for the first time. |
ISO 14001:2015 | $139 USD |
add to cart | |
Environmental Internal Audit Template, Transition from ISO 14001:2004 Everything you need to perform an internal audit transitioning from ISO 14001:2004 to ISO 14001:2015. 3 Checklists, including Internal Audit Checklist and Gap Analysis Checklist
Plus:
Everything you need to learn to become an auditor for ISO 14001:2015 transitioning from ISO 14001:2004. |
ISO 14001:2015 | $209 USD | add to cart | |
Internal Audit Checklist The Occupational Health and Safety Assessment Series ISO 18001:2007 audit checklist will help ensure your audits address the necessary requirements. It stands as a reference point before, during and after the audit process. OHSAS 18001 is no longer in date, it has been superseded by ISO 45001 - but this will give you a very good idea of what you will get when you buy an Internal Audit Checklist. |
OHSAS 18001:2007 |
$0 | free download | |
OH&S Internal Auditing Procedure - view sample The purpose of this procedure is to define your organization’s process for undertaking management system internal audits, process audits, supplier evaluation and legislation audits in order to assess the effectiveness of the application of our health and safety management system and its compliance to ISO 45001:2018. This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:
|
ISO 45001:2018 |
$19 USD | add to cart | |
OH&S Internal Audit Checklist - view sample Occupational Health & Safety Management System Compliance Auditing The audit checklist will help your audits address the necessary requirements. It stands as a reference point before, during and after the audit process and if developed for a specific audit and used correctly will provide the following benefits:
This audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 45001:2018, each required is phrased as a question. This audit checklist may be used for element compliance audits and for process audits. 264 Audit Questions, 48 pages. 4.0 Context of the Organization - view sample |
ISO 45001:2018 | $39 USD | add to cart | |
OH&S Internal Audit Programme - view sample
Schedule internal audit tasks and develop your internal audit programme by simply entering the start and finish dates of each internal audit. The internal audit programme calculates the duration and creates automated graphs using different colors for the bar-chart cells. The process matrix provides a very convenient overview of all the processes that make up your management system. Defining the sequence and interaction of processes is also a requirement. This process matrix itself can satisfy this requirement. |
ISO 45001:2018 | $39 USD | add to cart | |
3 Internal Audit Checklists bundle (3 separate) ISO 9001:2015 Internal Audit Checklist (as above) and ISO 14001:2015 Internal Audit Checklist (as above) and OH&S 45001:2018 Internal Audit Checklist |
ISO 9001:2015 |
$99
USD
$117 |
add to cart | |
Integrated Internal Audit Checklist (QMS + EMS) - view sample The checklist ensures each audit concisely compares the requirements of ISO 9001:2015 and ISO 14001:2015, and your EQMS against actual business practice. The audit checklist stands as a reference point before, during and after the internal audit process. 386 Audit Questions, 68 pages. MS Word. - Context of the Organization |
ISO 9001:2015, |
$69 USD | add to cart | |
Integrated Internal Audit Checklist (QMS + OH&S) The checklist ensures each audit concisely compares the requirements of ISO 9001:2015 and ISO 45001:2018, and your QOH&S against actual business practice. The audit checklist stands as a reference point before, during and after the internal audit process. 441 Audit Questions, 26 pages. MS Excel. - Context of the Organization Audit Data Summary (Automated charting) |
ISO 9001:2015, ISO 45001:2018 integrated. |
$69 USD | add to cart | |
Integrated Internal Audit Checklist (EMS + OH&S) The checklist ensures each audit concisely compares the requirements of ISO 14001:2015 and ISO 45001:2018, and your EOH&S against actual business practice. The audit checklist stands as a reference point before, during and after the internal audit process. 301 Audit Questions, 19 pages. MS Excel. - Context of the Organization Audit Data Summary (Automated charting) |
ISO 14001:2015, ISO 45001:2018 integrated. |
$69 USD | add to cart | |
Integrated Internal Audit Checklist (QMS + EMS + OH&S) - view sample The checklist ensures each audit concisely compares the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and your EHQMS against actual business practice. The audit checklist stands as a reference point before, during and after the internal audit process. 510 Audit Questions. 28 Pages. MS Excel. - Context of the Organization Audit data Summary (automated including graphs), showing: |
ISO 9001:2015, |
$109 USD | add to cart | |
Integrated Internal Audit Template (QMS + EMS) Everything you need to perform an internal audit for ISO 9001 and ISO 14001 together. 3 Checklists, including Internal Audit Checklist - view sample
Plus:
|
ISO 9001:2015, ISO 14001:2015 integrated. |
$299 USD |
add to cart | |
Integrated Internal Audit Template (QMS + EMS + OH&S) Everything you need to perform an internal audit for ISO 9001, ISO 14001 and ISO 45001 together. 3 Checklists, including Integrated Internal Audit Checklist - view sample
Plus Audit data Summary (including automated graphs), showing:
|
ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 integrated. |
$399 USD | add to cart | |
Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.
Used by:
The Templates are used by first timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.
The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.
1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation
2. They’ve got everything you need in one simple template
3. Proven to work our templates have helped thousands of businesses big and small achieve certification
4. Documents use styles to make reformatting and rebranding a breeze
5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.
| About Us | Contact Us |  |
Endeavour Technical Limited © 2002 - 2020 |
|
71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom |
|
Registered in England No. 07175526 |
|
| [email protected] | |
Telephone: 0845 054 2886 (UK) |
|
| Terms | Privacy | |
