ISO 9001 internal audits

ISO 9001 internal audits are one of the most vital tools for continual improvement. They provide Top Management with objective, fact-based information upon which strategic decisions may be based.

One of the most important requirements of an internal audit is that it is fully focused on assessing the effectiveness of the processes that are inherent to the quality management system. Where such processes are found to be deficient, the audit will ultimately lead to improvement in those processes, since a non-conformance in a process is, more often than not, to do with a failure to comply with the relevant standard or procedures.

Why do ISO 9001 Internal Audits?

The purpose of internal auditing is to measure the effectiveness of the quality management system and its associated processes and the auditor’s role is to gauge how well this system is functioning through the gathering of objective evidence. The auditee will often be a processes owner; they are the experts of that process and as such will provide an invaluable insight into the mechanics of that process.

The auditor is there to verify that the processes are documented, implemented and understood. He will also seek confirmation that the processes complies with the necessary requirements, that the process is effective and that it continually improves.

The human aspect of auditing

Good auditors realise very early on that they are dealing with personalities as much as processes and systems. Whilst the intent of the audit a serious one, often light humour, politeness and diplomacy are the best ways to build rapport. It is vital that every effort is made to reassure those being audited that its primary function serves as a tool for improvement and not to name and shame.

If you new are new to ISO 9001 internal audits, acknowledge this fact, be open and honest, and explain that it is important that people openly express their views during the audit. Remember that you, the auditor, are also there to learn.

Always discuss the issues you have identified with the people being audited and always provide guidance as to what is expected in terms rectifying any non-conformances or observations that you have raised. Let those being audited know that they are welcome to read your notes and findings; the audit is not a secret. Be careful not to be drawn into arguments concerning your observations and it is never appropriate to name people directly in the audit report, if you do, people automatically become defensive.

Preparing for the Audit

Preparation is the key to meaningful ISO 9001 internal audits, and as such, you should have an audit schedule and a well defined audit plan for each process. Be sure to communicate the audit plan to all parties involved as well as Top Management so that they are aware of the audit, this helps to reinforce your mandate.

The audit schedule should be a living document and should not be cast in stone but instead, it should be allowed to evolve organically with the needs of the business.

Always review previous audit reports and non-conformance reports and check that any previous corrective actions are still operating.

Five elementary Audit questions

Often these basic audit questions will help guide the audit in the right direction since they will often unlock the doors to information the auditor requires in order to accurately assess the particulars of a process.

  • What are your responsibilities? (5.5.1)
  • How do you know how to carry them out? (6.2)
  • What are the objectives of your processes? (5.4.1 and 7.1.a)
  • What is the quality policy and where is it found? (5.3.d)
  • How do you know which documents to use and whether they are correct? (4.2.3)
  • What outputs does your process create and how are your records maintained? (4.2.4)

Define what you want to measure; decide how are you going to measure it and decide what objective evidence should be provided to convince you that an activity is performed in accordance with the process. An audit of your key quality management activities will always be more relevant and produce more meaningful results than a simple procedural audit.