ISO 9001 Certification Audit ~ The Ultimate Guide [with Checklists & Template]

What is an ISO 9001 Certification Audit?

The ISO 9001 Certification Audit is the final step before companies receive ISO 9001 certification. An external auditor from outside your organization will assess the quality management system (QMS) you have implemented with relevant documentation to see if you have met all of the ISO 9001 requirements.

Based on their findings, the auditor will either grant your organization certification or ask for corrective actions before you can be certified. Is your company ready to be audited for ISO 9001? To ensure that you have the best chances of earning ISO 9001 accreditation, here are some tips to prepare.

What follows is our ultimate guide for your ISO Certification Audit. It is geared towards ISO 9001, but can also be applied to ISO 14001, 45001, 27001 etc. You won't find a more detailed certification audit guide anywhere. It's a long read - but includes all the steps necessary and everything you need to know about how to perform the certification audit.

Contents

internal audit blackboard planning

Preparing for an Internal Audit

Internal audits are a form of inspection where your organization assesses its quality management system to see if it is ISO 9001 compliant. Internal audits often take place during QMS implementation as well as even after certification.

The best way to be prepared for your external ISO 9001 audit is to have practice runs with your internal audits. Every organization seeking ISO 9001 certification should have routine audits with someone within the company to track their quality management system implementation progress and to see if there are any corrective actions needed to meet the certification requirements.

An internal audit will be able to uncover any flaws in your quality management system and identify any factors that need improvement before your external ISO 9001 review for certification.

How to Choose Internal Auditors

Internal audits are usually performed by an employee (or employees) within your company. However,  internal audits can also be done by subcontractors. Note that the internal auditors you choose will need to be trained in the most recent ISO 9001 standard before performing routine audits; the process of training can start as soon as you beginning quality management system implementation so they can aid in the transition.

You will need to pick enough internal auditors to cover each department and area of your organization. Depending on the size of the organization, you can have from one to four auditors chosen for each area. You will need enough auditors to ensure that they don’t end up auditing their own departments.

A rule of thumb is this: 10% of your total employees should be auditors. So, if you have one hundred employees in your company, at least ten of them should be auditors.

When you are picking your auditors, choose employees that are excellent communicators, and have a knack for finding issues and problem-solving. It also doesn’t hurt if they have strong interpersonal skills. Some smaller companies opt to make their ISO 9001 lead (or person in charge of implementing ISO 9001 requirements) their internal auditor because they are already well-versed in ISO 9001.

audit report

Creating a Well-Designed Internal Auditing System

To be best prepared for the certification audit, you’ll need to rely heavily on your internal auditing system. However, if your auditing system isn’t up to par, your organization won’t be set up for success like it should be. Here are some tips to follow to create a phenomenal and effective auditing system:

  1. Understand ISO 9001 - Make sure your auditors are thoroughly trained and understand the latest ISO 9001 standard.
  2. Choose Departments - Determine what areas of the company need auditing before you begin routine audits. Sometimes the areas that need assessment depend on the size of the organization. If you’re not sure which departments to focus on, think about which departments will be affected by the new quality management system. Those are most likely the areas that will need frequent auditing.
  3. Audit Frequency - How often will you audit? Determine how frequently you want to have internal audits. Many organizations will opt to have quarterly or yearly internal reviews.
  4. Audit Plan - Develop an audit plan. What resources do you need in terms of checklists and documentation? How many auditors will you need for your company’s size?
  5. Audit Purpose - Determine the purpose of your company’s internal audits. What do you wish to learn from these checks? What are your goals and objectives? Do you want to concentrate on a specific department or the focus more on the systems within it?
  6. Meet with Auditors - Have a meeting with your auditors. Make sure everyone is on the same page in terms of the plan, purpose, and scope of the audits.
  7. Auditor Preparation - Your auditors should be very familiar with the documents they will be auditing against. They should understand the information they hold and develop questions for the auditees based on that information.
  8. Audit Information - The auditors should also be prepared to be able to explain how the auditing process will work with the auditees (including management) before beginning.
  9. Audit Review - Following the audit, auditors should hold a meeting amongst themselves and again with the auditees to discuss what was done well and what needs improvement or does not meet ISO 9001 standards.
  10. Corrective Actions - Once problems are brought up to auditees, give them the independence to suggest their own corrective actions. This way, they will take more ownership in implementing changes.
  11. Create Deadlines - Have your auditors give auditees reasonable deadlines for completing corrective actions. The deadline may vary depending on the severity of the nonconformity.
  12. Audit Team Feedback - Give your audit team feedback on how they audited. Is there anything that could be changed to better reflect what the real auditing process looks like? Allow them to adjust accordingly for the next internal audit. 
  13. Include Everyone - Finally, make sure everyone is involved in the auditing process! Rotate employees as volunteers to assist auditors or shadow them during the reviews. Doing this will give them more insight into what the process is like and why they are necessary. They will also be more prepared for the external audit by already knowing what to expect.

internal audit elements

What Is The Internal Audit Process?

During an internal audit, a member (or members) of your organization will be tasked with comparing your QMS to ISO 9001 standards.

They will begin by explaining how the auditing process will work before starting their audit. They will also answer any questions auditees may have in addition to compliance problems they are already aware of that they would like to address.

Following this opening meeting, the auditors will begin their audit. If the auditors find that there is a problem not within the scope of the inspection (or not relevant to the ISO 9001 standards they are testing the area against), they may still evaluate it to see what risks may come with not addressing it. If there is a chance the problem could affect your ISO 9001 certification eligibility, they may ask for corrective action to be taken.

Other problems with noncompliance with ISO 9001 that your auditors will find will be addressed with auditees as well as generated in the documentation they create. The documents usually take the form of a checklist or table that provides the following information:

  1. Section of the ISO 9001 standard
  2. Name of the requirement
  3. Observations and comments
  4. Acceptable/deficient condition (Are you compliant or not compliant with the ISO 9001 requirement?)

ISO 9001 certification checkmark

Preparing for the Official ISO 9001 Certification Audit

When preparing for the external ISO 9001 certification audit, the focus should be in setting up an effective quality management system. When your organization is ISO 9001 certified, it means that you’ve successfully implemented a quality management system according to ISO 9001 standards, and have demonstrated that to an external auditor.

Plan Ahead

Any corrective action taken even before the internal audit takes place will help improve the chances of success during the review.

Create a plan with a time-line that represents any actions that are still needed to take place in order to be compliant. In-between internal audits, implement these actions, so they have enough time to integrate into your quality management system before the next internal audit. That way, by the time you have your next inspection, your auditor(s) will be able to tell you whether or not those actions are sufficient or if there’s anything new that needs addressing.

Take the Audit Seriously

You will have about two to three months to prepare for your certification audit, so make sure you take advantage of what you can learn from your internal audits until then. Treat your internal audits as if they were the real thing.

Be Professional

This goes along with taking the audit seriously. Treat each employee and section fairly as if it were your own department.

Understand ISO 9001 Standards

While your employees don’t necessarily have to memorize the ISO 9001 standards, they should at least know enough to understand what the expectations are and what will be audited in relation to those expectations.

Prepare Your Team

Just like the external ISO 9001 audit, make sure your employees are always prepared before an internal review. Make sure that everyone is on the same page about what will happen during the check and the information/documentation they need to know.

Check for Implementation

Since your internal audits are essentially practice runs for the official external audit, it is the perfect opportunity to make sure the quality management system you have planned for your organization is correctly implemented, and that any new processes are being followed accordingly.

It is also a good time to assess whether or not your QMS is working effectively. Internal audits provide an opportunity for businesses to adjust their system if there is a flaw or portion that is not ISO 9001 compliant.

Follow Normal Procedures

During the internal audit, make sure you follow safety procedures in addition to all other procedures that should be followed throughout the departments within the organization.

Be Honest

Make sure your employees are honest with the auditors. The point of the internal audits is to help the organization as a whole improve well before the certification audit takes place. Improvements can’t happen if your employees are not completely transparent about how their department runs.

The Third-Party Auditor

The external audit process will work similarly to your internal audits; the only difference will be who will be performing the audit. In order to achieve certification, you will need to demonstrate your ISO 9001 compliance to an external or third-party auditor.

The third-party auditor (or auditor team) will be assigned to your organization by an ISO 9001 registrar (also referred to as a Certification Body or CB), an independent entity who also issues the ISO 9001 certificate once approved by the auditor.

Certification Audit Process

The external audit can take place after you have completed a successful internal audit and have at least two to three months of documentation and records from your ISO 9001 procedures.

The official auditing process takes place in three steps: the opening meeting, the auditing process, and the closing meeting.

Opening Meeting

When the external auditor(s) arrives, the management team and the auditor will first meet to go over any management review meeting notes and your organization’s quality objectives.

During the meeting, the auditor(s) will also discuss their role and the auditing schedule. The auditing process may take up to a week, depending on the size of the organization.

Audit of Processes and Quality Management System

After the opening meeting, the auditor(s) go over your quality management system processes using their audit schedule as a guide. (Note that some process reviews may take more or less time than scheduled.)

The auditor(s) will visit a few or all of your departments to check if the ISO 9001 requirements noted in your documentation is implemented and being followed by staff. The auditor(s) will interview staff members, asking questions, and taking note of what they discover; depending on the findings, auditors may make a note for further evaluation.

This will be when most of the auditing process takes place; during this step, you and your team will gain insight into what you are doing well and what could use improvements for better compliance.

Closing Meeting

If the auditor(s) find any problems in compliance with ISO 9001, they will bring those concerns up for you to take corrective action before receiving ISO 9001 accreditation. Some auditors may offer recommendations based on those findings. All this and more will be in an audit results report for senior management and employees to review.

However, if the auditor(s) do not find any major issues with your QMS, you will be awarded an ISO 9001 certificate following the audit.

helpful hints

Tips to Pass Your External ISO 9001 Certification Audit


Be Prepared: Stick to Your Plan

Having a successful ISO 9001 system requires on-going maintenance and takes a while to implement. It is most certainly not a one-time, one-hour ordeal.

Create a schedule that outlines how you plan to implement your new ISO 9001 system. What requirements should be met in a month’s time? In a year’s time? Create a time-line with milestones to make sure you stay on track. The last thing you want your organization to do is to rush to meet the ISO 9001 requirements weeks before your official certification audit.

Prepare Your Employees

Your employees and management should also be prepared for the audit. Make sure they are up-to-date on the following quality management system features:

  1. Quality Policy - Review the quality policy with your teams and make sure all of your employees understand it. They don’t have to memorize it, but they should at least have a clear understanding of what the company’s quality management system entails along with its goals.
  2. Quality Objectives - Employees should know what your organization’s quality objectives are and how they can help achieve them. They should know how their day-to-day systems help meet these objectives.
  3. Training - Make sure all employees have been properly trained to perform their roles according to ISO 9001 standards.
  4. Documentation - All employees and management should know where they can get updated copies of documentation for procedures, work instructions, and forms related to their position and/or department.
  5. General Audit Information - Inform your employees about the scope of the audit, when they should expect to be audited, and what the auditor may be checking for within their department.
  6. Interviews - Your employees should be able to answer the auditor with honesty confidently, and should be comfortable with saying “I don’t know,” if they are not sure how to respond to an auditor’s question.

Review Documentation

Your team should be very familiar with relevant documentation to their role and area, but it's also important that your documentation is accurate in the first place. First, you should have the following documents on-hand:

  • Quality policy
  • Procedures
  • Scope of the quality management system
  • Process map or flowchart
  • Quality objectives
  • Work instructions
  • Forms
  • Records

Before your audit, also review your documentation to make sure it is:

  • Up-to-date with your current QMS
  • Approved by management and supported by employees
  • Followed by employees the document pertains to
  • Being used correctly by management and employees

You should also make sure any obsolete or outdated documents are removed and no longer in use.

Ensure Processes are Being Followed

All procedures that your organization has implemented under ISO 9001 standards (whether they are documented or not) should be followed. Make sure your employees are aware of any updated quality management system procedures that apply to their role and department and that they are following the new systems accordingly.

It’s also important that you check that critical processes are being performed the correct way (and the same way) by all employees.

Have Corrective Actions Ready or Implemented

Take steps to resolve recurring problems as soon as they appear during internal audits. By starting early, you can find quick, foolproof solutions to the flaws in your quality management system.

If an auditor finds a problem during your official auditing process, they allow you enough time to repair those issues, and if you are able to resolve those conflicts, then you can still be certified.

However, if the auditor uncovers a problem that you have seen often, and don’t have a solution for yet, you could lose your chance at certification. For that reason, it is important that you have addressed any findings from your internal audits before your certification audit. Also make sure that for corrective actions that have been executed that you have verified them for effectiveness, and have documentation that supports that.

Use Your Internal Audits as an Example

Regular internal audits allow you to see any concerns regarding ISO 9001 requirements. By assessing your company routinely, you can correct anything that needs fixing long before your official certification audit.

In addition, internal audits will allow management and employees to be more prepared for the real deal, especially the interview process.

Be Professional

Just like your internal audits, it's important to be positive and professional. Make sure you make a good impression with the auditor--treat them professionally and with respect.

Remember that the external auditor isn’t your enemy—they’re trying to help you and your organization uncover any weaknesses so that you can take corrective actions needed to ensure a high-quality standard for your employees, your company, and ultimately, your customers.

Have a Management Review Prior to the Audit

A good management review assesses the quality management system you have established for your organization at least once a year. Senior managers should review the following:

  1. Quality policy
  2. Objectives for the following year
  3. Customer feedback
  4. Nonconformity issues and corrective actions
  5. Status of internal audits
  6. Changes to processes and regulations

Routine management reviews should be documented according to ISO 9001 requirements. Each review should be followed by an actionable plan that is meant to resolve any concerns identified during the meeting. Such concerns should be resolved before the next internal audit so suggested changes have enough time to be implemented.

Monitor Your Objectives and Record Your Progress

The auditor who visits your facility will want to see documentation or records that have tracked your progress during the implementation of your ISO 9001 system. They will be looking for evidence that shows that you have been following your plan and meeting objectives. Note that it is perfectly okay to change future goals if the business environment has changed since you have set the objectives; for example, perhaps the economic climate has fluctuated so you may increase or decrease your sales goals.

Put Your Best Foot Forward

The ISO 9001 certification audit is very important: to your organization, your employees, and your customers. Make sure you put your best foot forward!

It can be difficult for an audit to take place in an unorganized or dirty workplace. Ensure that all of your company’s workplace areas are clean and organized. This includes any offices, desks, warehouses, or floors. Make sure any form of paperwork or documentation is organized and easy to access.

It helps if managers perform an initial inspection to make sure everything is where it should be and neat prior to the official audit.

ISO stamp

What is you Fail? Reapplying for ISO 9001 Certification

In the event that you are not able to be certified due to a significant issue found by the auditor with compliance, you will need to address those problems based on the auditor’s recommendations in their auditing report. Some of the most common major problems found in quality management systems include:

  • Stakeholders not defined
  • Lack of monitoring and measurement processes
  • No evaluation of internal or external risks
  • Missing action plans to mitigate risks
  • Ineffectively recording and documenting organizational knowledge
  • Weak control of documents and data

Make sure you perform at least one or two more internal audits before you attempt your official certification audit again to ensure that action plans have been executed and have demonstrated their effectiveness.

You've Passed! Maintaining Your ISO 9001 Certification

Your first external ISO 9001 audit will certainly not be your last; certification only lasts for three years. After the three-year period, you will need to have another external audit performed in order to renew your certification.

If you have successfully maintained your quality management system and have been keeping up with internal audits to make sure your organization is still meeting ISO 9001 standards, then the routine external audit should go without a hitch. Also, if your company has implemented an effective QMS, then improvements will automatically come about, therefore increasing your chances of maintaining certification for much longer.

The entire process of implementing a quality management system in your organization according to ISO 9001 standards is well worth the time and money, and while the ISO 9001 external audit may seem intimidating because it determines your certification status, your company will be able to learn a lot more about your organization and its strengths and weaknesses.

Internal Auditing & Gap Analysis

 

Updated: 21st March 2023
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO Checklist

 

Don’t Try to Manage It All Alone!

Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your internal audits without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.


  Standard  

QMS Internal Audit Documentation Package

Everything you need to perform an internal audit for ISO 9001:2015.

Procedures - view sample

Checklist - view sample

Charts

Reports & Forms

  • Audit Results Summary
  • Internal Audit Report - view sample
  • Corrective Action Report
  • Non-conformance Report
  • QMS NC & Corrective Action Tracker
  • Internal Audit Feedback Form

Process Maps

  • Process Audit Template
  • Control of Internal Audits Process Activity Map
  • Internal Audit Process Map - view sample
  • Control of nonconformity & Corrective Action Process Activity Map
  • Nonconformity & Corrective Action Process Map
  • Supplier Process Turtle Diagram

Plus:

  • Internal Audit Guidance - view sample
  • Audit Question Guidance
  • Clause-by-clause Interpretation

The documents are used together as a cohesive system or available seperately below.

ISO 9001:2015

$149 USD add to cart

QMS Control of Internal Audits Procedure - view sample

The purpose of the Internal Audit Procedure is to define your organization’s process for undertaking QMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of the quality management system and its compliance to ISO 9001:2015.

This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:

  • Control of Internal Audits Process Activity Map
  • Audit Report
  • Audit Feedback Form - view sample
  • Internal Audit Process Map - view sample

ISO 9001:2015

$19 USD add to cart

QMS Internal Audit Checklist v2 - view sample

Use this audit checklist to determine the extent to which your quality management system conforms to ISO 9001 requirements by determining whether those requirements have been effectively implemented and maintained. This template will help you to assess the state of your existing management system and identify process weakness to allow a targeted approach to prioritizing corrective action.

Master Internal Audit Checklist - view sample

This audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 9001:2015, each required is phrased as a question.

  • 305 Audit Questions
  • MS Excel
  • Context of the Organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

The answers will automatically populate and update the Audit Results Summary and charts.

Audit Results Summary

  • Automated Charts - view sample
  • Compliance Summary
  • Top 10 Root-causes
  • Nonconformity Breakdown by Clause
  • Recommendations
  • OFIs by Section

Process Audit Template

Requires the auditor review the inputs, risks, controls, activities, equipment, materials, personnel, and methods of measurement for each process.

Question Guidance

Guidance and suggestions for each audit question - view sample

ISO 9001:2015

$79 USD add to cart

QMS Internal Audit Checklist v1 - view sample

This is the 'Master Internal Audit Checklist' (see above) in MS Word format.

  • 305 Audit Questions
  • MS Word
  • Context of the organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

ISO 9001:2015

$39 USD add to cart
  • Supplied as fully-editable MS Word or Excel files
  • All the templates use styles – making reformatting and rebranding a breeze
  • Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Credit card, PayPal or ApplePay

money back guarantee


We are 100% confident in the quality and contents of our products. Used by thousands of organizations around the world, our templates have been sold online since 2002.

Please read our Money Back Guarantee.

 

Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

  • Small Businesses – dentists, accountants, engineers
  • Large organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first-timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.

 

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.

 

FAQs About Our Templates

Ask Us a Question

More Information

 

ISO 9001 Client images