How to perform an ISO internal audit?

Asked by: Robin Olson  |  Last update: July 3, 2026

Performing an ISO internal audit involves a structured 5-step process: planning the schedule, preparing audit documents (checklists), conducting the audit through interviews and evidence gathering, reporting findings, and following up on corrective actions. It ensures compliance with standards and drives continuous improvement, generally involving an opening meeting, site visits, and a closing meeting.

How to conduct an internal ISO audit?

The general steps for internal audits under ISO 27001 are as follows:

  1. Define the internal audit scope.
  2. Prepare an ISO 27001 checklist.
  3. Undergo the internal audit.
  4. Evaluate and document the results.
  5. Prepare the internal audit report.
  6. Undergo management review.
  7. Implement follow-up processes.

How is an ISO audit done?

This audit is always carried out by the auditors of a certification body. This audit process aims to assist your organisation in achieving ISO certification to the relevant ISO standard by an approved certification body. The certification body must be accredited by a recognised accreditation body as well.

How to conduct an IMS internal audit?

The following is a description of the steps involved in auditing an IMS:

  1. Understanding and defining the scope and objectives.
  2. Audit planning.
  3. Conducting the audit.
  4. Presentation of the report.
  5. Follow-up on audit findings.

What are the 5 steps of the internal audit process?

  • Building the Internal Audit Team. Start with building the internal audit team. ...
  • Risk Assessment and Audit Planning. ...
  • Audit Scoping and Fieldwork. ...
  • Reporting Findings. ...
  • Follow-Up.


What is the ISO for internal audit?

ISO 9001 provides an audit checklist that organizations are required to use when conducting internal audits. The checklist includes questions for assessing an organization's context, leadership, planning and quality management systems, support structures, operations, performance evaluation and areas for improvement.

What are the 5 P's of internal audit?

The “5 P's of Internal Audit” includes 5 video-clips presenting testimonials from audit managers on the topics of Plan, Perform, People, Profile and Product.

What types of ISO IMS audits are there?

There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits. A third party audit can result in certification.

What are the 6 mandatory procedures for ISO 9001?

Here are six ISO 9001 mandatory procedures to implement:

  • Control of Documents. It's essential to maintain efficient communication for a seamless business operation. ...
  • Control of Records. ...
  • Internal Audit. ...
  • Control of Non-Conforming Products. ...
  • Corrective Action. ...
  • Preventive Action.

What is an ISO audit checklist?

These checklists help internal auditors maintain focus on the audit objectives, ensure all necessary areas are reviewed, and provide a record of the audit process and findings. An ISO audit checklist typically covers various sections and processes depending on the specific ISO standard being audited.

What are the 7 principles of ISO?

Now let's begin with the 7 principles of ISO 9001, which are Customer Focus, Leadership, Engagement of People, Process Approach, Improvement, Evidence-Based Decision Making, and Relationship Management.

What are the three types of ISO audits?

There are three types of ISO audits: internal audits (first-party audits), supplier audits (second-party audits), and external audits (third-party audits). Your choice of audit type will alter depending on your compliance and certification goals, scope, scale, and budget.

What are the 4 types of internal audit?

Types of internal audits include compliance audits, operational audits, financial audits, and information technology audits.

What are the 7 steps in the audit process?

The 7 steps in the audit process generally cover Planning, Risk Assessment, Internal Control Testing, Fieldwork/Evidence Collection, Reporting, and Follow-Up, focusing on a systematic review from initial engagement to ensuring corrective actions are taken for operational improvement. This framework ensures comprehensive evaluation, from understanding the client's business to delivering actionable insights and ensuring accountability for identified issues. 

What are the 7 auditable elements of ISO 9001?

7 key quality management principles—customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making and relationship management.

What are the 5 stages of the internal audit process?

What happens during an audit? Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.

What are the 4 ISO standards?

ISO 9001, ISO 14001, ISO 45001, and ISO 27001 certifications offer a comprehensive framework for quality management, environmental responsibility, occupational health and safety, and information security management, respectively.

What are 1st, 2nd, and 3rd party audits?

1st, 2nd, and 3rd party audits categorize audits by who performs them and their purpose: First-party (internal) audits are self-assessments for improvement; Second-party audits are by customers or partners on suppliers to check compliance; and Third-party audits are by independent, external bodies for certification (like ISO) or validation, offering the highest objectivity.

What is an internal audit checklist?

An internal audit checklist is an invaluable tool for comparing a business's practices and processes to the requirements set out by ISO standards. The internal audit checklist contains everything needed to complete an internal audit accurately and efficiently.

What are the 7 principles of internal audit?

The principles of independence, objectivity, competence, confidentiality, professionalism, due professional care, and continuous improvement are essential for the internal audit function to fulfill its role as a trusted advisor to the organization.

How do I prepare an ISO audit checklist?

ISO audit preparation checklist

Make sure employees are trained and ready to discuss their roles. Fix any non-conformities from earlier audits and keep all required records easily accessible. Conduct internal audits to confirm that processes are being followed and that daily operations match the documentation.

Are ISO audits hard?

An ISO certification will require time, effort, and improvement from all areas of the business. However, the steps that must be taken are worth it for any company. It will benefit business owners, employees, and customers.

How to conduct an ISO internal audit?

An audit should start with a meeting with the process owner to make sure that the audit plan is complete and ready. The auditor then has many avenues for gathering information during the audit: reviewing records, talking to employees, analyzing key process data, or even observing the process in action.