How To Conduct an ISO 9001 Internal Audit

The internal audit is documented using an Internal Audit Procedure and is carried out using an Internal Audit Checklist.

Auditors are responsible for informing you of any areas that need improvement to meet the standard, as well as areas that are performing well and conforming to the standard.

Internal audits help prepare for an external audit, which is usually the determining factor in whether your organization is granted ISO 9001 certification.

Internal audits can be scheduled as frequently as your organization determines necessary to improve processes. Some businesses schedule audits once a year, every quarter, or even once a month, at most.

Internal Audit Process

There are a few steps to ensure the highest success rate for your internal audits. If you follow these steps closely, you should have a great experience throughout the process and solid results by its end.

1. Scheduling the Audit

Before planning the audit itself, you will want to make sure that everyone on your team has a proper heads-up about your intentions. If not, the results you may receive running an audit randomly will not give you proper information, making the entire audit process virtually useless. In addition, if your employees and management are prepared for the audit, they will have a better idea of what to expect for the external audit later.

You will want to make sure that process managers are given enough time to wrap up anything they are working on so you have the most accurate information possible. So, if you plan on doing an internal audit, check in on the progress of projects among management and employees before moving forward and planning the audit.

2. Planning of Audit

Next, you will want to begin the audit process. To start, you will want to ensure it is scheduled accordingly. This includes informing the auditors you are using to determine the most effective time to come and conduct the review.

This is the most critical step of the audit process, as auditors can also look at your organization’s audit history and review previous issues that may have been found beforehand. From here, the auditor will let you know the best time to begin the process.

Choosing Auditors

Either an assigned ISO 9001-trained employee(s) from within the company or outside, verified auditor(s) can conduct and oversee the audit. Their role is to ensure everything regarding your company’s processes is performing well and to review their findings with you. It is recommended that you have more than one auditor so the process goes smoothly; it is also always better to have more than one set of eyes when it comes to audits. The larger your organization, the more auditors you should have.

3. Running the Audit

After careful planning, the next logical step is to conduct an audit. The beginning of this will be more of a reassurance to you and the auditor that the plan is laid in stone and ready to start. Many things are done throughout the audit itself, such as reviewing all records, observing the success of certain functions, detecting flaws within the system, conversations with employees, and more.

The best reports received from these internal audits show areas that are considered to be running poorly and recommend areas that can operate much more effectively with adjustments.

These adjustments, also known as corrective actions, can help process managers and your organization’s systems achieve much greater success in the long run.

4. Reports

Once the audit has been thoroughly conducted, the auditors will meet with you (or whoever the process manager is) to discuss the results that they were able to find. This meeting will highlight the errors that were found and what tactics can be used to improve those areas.

Having hard evidence of what processes are not producing—in addition to paths to improvement—offered is any process manager’s dream, and it is a reality that can be achieved through an internal audit. These reports and results will also help you save resource costs by utilizing them much more efficiently, as you will now know where time and energy should be spent.

5. Follow-Up

Every now and then, you will want to reflect on the audit results and issues that were found that have now been addressed. You will want to review this information with those who provided you with the audit. Compare your standards from before your audit to after to see if there have been any significant changes in performance based on recommended adjustments.

Afterward, rinse and repeat this process over time, as success will not last very long, and tweaks will need to be made often to ensure improvements are on the rise.

Using An Internal Audit Checklist

The checklist is a great reference for ensuring that the steps of the internal audit are performed effectively and properly.

Scoring Criteria

The scoring criteria for internal audits are broken up into four different sections. These four sections are:

1. Compliant - This means everything about a specific process complies with ISO 9001, and all requirements are met effectively. This is, of course, the best score you can receive based on the criteria.
2. Opportunity for Improvement—This will refer to a small issue or flaw within the management system. An auditor will also try to recommend improvements here.
3. Minor Non-Conformance - This score will reflect a poor representation of a document and a low number of requirements met for the process. This will not exactly result in a complete failure in your final compliance score, but it will affect certain sections.
4. Major Non-Conformance - If you receive this as a score on the criteria, many changes will need to be made. This means there is a lack of proper documentation, provision, or properly implemented standards.

Requirements

For the supplier, the audits will be conducted as discussed previously, referring to the first step of the audit process above. During these audits, processes will be identified and recorded, and the auditor will provide explanations for the process manager to help them understand how interactions work within the processes.

The following bullets are requirements for the audit directly pulled from the official supplier audit checklist:

For audits of customer-related processes, they are conducted at intervals to:

• Determine whether the process conforms to planned arrangements
• Determine whether the process is implemented correctly and maintained
• Provide information on process performance to Top Management

These points should be considered during the auditing process:

• Is there continuity between the various support processes?
• Is the task done consistently on a person-to-person or day-to-day basis?
• Do the interfaces between the departments operate smoothly?
• Does product information flow freely?
• Is the procedure correct?
• Does it meet the requirements of the standard or specification?
• Is it helping the organization effectively?

Process Audit Turtle Diagram

Another great tool in the supplier checklist is the process audit turtle diagram. This gives the auditor questions to consider under the following subjects:

• Equipment & Facilities
• Personnel
• Control Processes
• Process Inputs
• Process Name/Description
• Process Outputs
• Instructions & Procedures
• Support Processes
• Key Performance Indicators

For example, the diagram Asks questions such as what triggers the process and where inputs come from for process inputs. Each box of questions points to another set of questions, helping the supplier complete the checklist effectively.

Quality Planning

For the remainder of the checklist, various subjects are organized into the following table:

Quality Management

The first subject to be included in the above table is quality management. This is to review how processes are performing and ensure that the objectives of the business plan are clear.

Issues found and how improvement corresponds to previous corrective actions will also be examined. Finally, strategic objectives, plans for action, and other quality management system-related requirements will be assessed.

Continuous Improvement

The next subject that is analyzed is continuous improvement. Some of the questions that are included in this audit list are:

• Are preventive actions taken based on analyzing significant business trends, design reviews, customer satisfaction surveys, or other meaningful inputs?
• Does the corrective action system cover customer, internal, and supplier issues?

These questions are taken directly from the question list and give you a good idea of how they are formatted. This section will also assess management meetings, customer surveys, and various action plans.

Education and Training

This is certainly one of the more important subjects analyzed during the internal audit, as this will be the groundwork for later improvement and success. Some of the questions asked during this audit section of the checklist are based on making sure that records are being maintained and that the methods used for verifying training are suitable as well.

Certification history and records of qualifications are near the top of the list of what will be looked for. Training manuals and assessments for job skills will also be analyzed.

Occupational Health and Safety

This area will mainly be concerned with checking the management system and the policies and procedures regarding health and safety. Questions regarding this section of the audit checklist revolve around checking procedures used for identifying hazards and control measures for issues.

During the audit, the training, communication, and participation procedure will also be examined.

Design and Development Support

There are quite a few questions regarding this section—about five in total. Some of these questions are about CTQ (Critical-to-Quality) characteristics and ensuring that both human and technical resources are meeting all requirements.

Some of the things that are looked for include:

• Market studies
• Technical staff requirements/qualification
• CAD
• Process plan

Quality Planning

Quality planning involves inspecting samples from production and ensuring that test plans are followed properly. In this section, auditors also ensure that certain data, such as data related to product reliability, is available at any request.

Auditors look for test reports, charts on test summaries, and other similar documents. They will also inspect forms such as the PPAP (Production Part Approval Process).

Other Items On the Audit Checklist

Other areas that are included in the internal audit checklist include the following:

• Customer Documentation
• Procurement
• Incoming Material
• Manufacturing Quality
• Process Control
• Nonconforming Material
• Monitoring & Measurement
• Maintenance
• Environment
• Storage & Packing

Findings Summary

At the end of the checklist, there is a box that is used to gather specific information regarding findings, including:

• Number
• ISO/Specification Reference
• Summary
• Root Cause
• NCR Number
• Rectification Date

These boxes are checked within the following categories:

• Non-Conformance
• Corrective Action
• Preventive Action & Opportunity for Improvement

Finally, additional notes about observations and comments during the audit are written in this section.

Other Types of Audits

Internal audits are only one form your organization can use to improve internal systems and processes.

For example, although most internal audits are on-site and performed by someone within the company, you can also use remote audits, in which an outside auditor will assess your organization virtually. You can also hire an auditor from outside your company to perform an on-site audit.

External Audits

External audits differ slightly from internal audits as they prepare you for your official certification audit later. External audits focus on supplier and customer certification, as well as surveillance.

Customer Audits

Customer audits are done when customers verify that the organization is meeting their established requirements.

Supplier Audits

Audits focused on the supplier are designed to ensure that the requirement of controlling external providers is accomplished. These audits are performed more frequently, partly because internal auditing plays such a large part in the process of becoming ISO 9001 certified.

Supplier Audit Checklist

The supplier audit checklist is used to help suppliers identify an organization's compliance with the requirements of ISO 9001 standards.

View our Checklists - including a Free Supplier Audit Checklist and Process Audit Checklist)

Process Audit

The process audit checklist assesses your organization’s various processes for effectiveness and performance within ISO 9001 requirements. It follows a near-identical template to the other checklist but is shorter in form.

Scoring Criteria

The scoring criteria for process audit checklists are identical to those for supplier checklists. The grades for scoring are compliant, opportunities for improvement, minor non-conformance, and major non-conformance.

Requirements/Process Audit Checklist

The audit requirements and process audit checklist are the same as the supplier checklist, with no changes in this area.

The only difference between the two checklists is the tables and what is shown. While the process audit checklist table includes audit questions, similar to the supplier checklist, the big difference is in the opportunities for improvement slot, otherwise known as OFI. This is where suggestions to improve processes will be placed.

Process Definitions

The first subject area, process definitions, includes questions regarding the identified process managers and evidence for process inputs.

Process Resources

Process resources are the next subject area marked for the table, which includes 14 questions. These questions look at the number of people involved in a process and the measure of efficiency and satisfaction based on employee input.

Process Execution

Next up is process execution. This deals with audit questions involving maximizing material usage to avoid waste and ensuring that interfaces within the departments operate as they should.

Process Monitoring

Process monitoring deals with questions directed toward the following key points:

• Making sure the process is being monitored properly
• Ensuring improvements within the process are made
• KPI is consistent with quality objectives
• Measuring the effectiveness of the process, as well as its efficiency.

This is arguably one of the more important subjects of the process audit since it deals with the processes themselves.

Process Improvement

The final area in the process audit checklist is process improvement. This section focuses on how the process itself can be improved in any way.

Some of the questions will focus on whether the PDCA (plan-do-check-act) cycle is effective for your organization and whether employees show signs of improvement.

Findings Summary

The table in the summary of the findings in the process audit checklist conveys the same information as the supplier checklist but only lists non-conformance, corrective action, preventive action and OFI as scoring options. In addition, a section is included for observations, comments, and any other notes to complete the process audit checklist.

Certification Audit

This is the audit that is done before you are given an ISO 9001 certification. It is the last milestone before achieving the ultimate goal of becoming certified. It is typically completed in two separate parts.

1. The first part acts as a warm-up and feeling-out process to ensure you are ready to move on to the second part of the audit. If it is decided that you have succeeded in reaching the requirements to move on, then the second phase will commence.
2. The second part of the audit is conducted on location and involves an interview. For example, staff will be included in this part of the audit, and documented information will also be reviewed. This is done to ensure that your organization is in alignment with all of the requirements set out by ISO 9001.

Also, it should be noted that these types of audits are usually only conducted every three years; this is something to keep in mind when planning to schedule routine internal audits and to prepare for your ISO 9001 recertification.

Learn more about the ISO 9001 Certification Audit.

Internal audits provide many benefits to organizations: They help businesses set benchmarks to continue improving their systems and processes, address underlying issues that stem from existing processes, and prepare for ISO 9001 certification.

If your organization plans its next internal audit, having an internal audit checklist like the ones mentioned above will make the process go smoothly and organized.

To view our ISO 9001 Audit Procedure & Checklists, please see below.