Performing an ISO internal audit involves a structured 5-step process: planning the schedule, preparing audit documents (checklists), conducting the audit through interviews and evidence gathering, reporting findings, and following up on corrective actions. It ensures compliance with standards and drives continuous improvement, generally involving an opening meeting, site visits, and a closing meeting.
The general steps for internal audits under ISO 27001 are as follows:
This audit is always carried out by the auditors of a certification body. This audit process aims to assist your organisation in achieving ISO certification to the relevant ISO standard by an approved certification body. The certification body must be accredited by a recognised accreditation body as well.
The following is a description of the steps involved in auditing an IMS:
What Are the Steps in the Internal Audit Process?
ISO 9001 provides an audit checklist that organizations are required to use when conducting internal audits. The checklist includes questions for assessing an organization's context, leadership, planning and quality management systems, support structures, operations, performance evaluation and areas for improvement.
The “5 P's of Internal Audit” consists of five video clips presenting testimonials from audit managers on the topics of Plan, Perform, People, Profile and Product.
There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second- and third-party audits are external audits. A third-party audit can result in certification.
Here are six ISO 9001 mandatory procedures to implement:
These checklists help internal auditors maintain focus on the audit objectives, ensure all necessary areas are reviewed, and provide a record of the audit process and findings. An ISO audit checklist typically covers various sections and processes depending on the specific ISO standard being audited.
Now let's begin with the 7 principles of ISO 9001, which are Customer Focus, Leadership, Engagement of People, Process Approach, Improvement, Evidence-Based Decision Making, and Relationship Management.
There are three types of ISO audits: internal audits (first-party audits), supplier audits (second-party audits), and external audits (third-party audits). Your choice of audit type will vary depending on your compliance and certification goals, scope, scale, and budget.
Types of internal audits include compliance audits, operational audits, financial audits, and information technology audits.
The 7 steps in the audit process generally cover Planning, Risk Assessment, Internal Control Testing, Fieldwork/Evidence Collection, Reporting, and Follow-Up, focusing on a systematic review from initial engagement to ensuring corrective actions are taken for operational improvement. This framework ensures comprehensive evaluation, from understanding the client's business to delivering actionable insights and ensuring accountability for identified issues.
There are 7 key quality management principles: customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making and relationship management.
What happens during an audit? Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.
ISO 9001, ISO 14001, ISO 45001, and ISO 27001 certifications offer a comprehensive framework for quality management, environmental responsibility, occupational health and safety, and information security management, respectively.
1st, 2nd, and 3rd party audits categorize audits by who performs them and their purpose: First-party (internal) audits are self-assessments for improvement; Second-party audits are by customers or partners on suppliers to check compliance; and Third-party audits are by independent, external bodies for certification (like ISO) or validation, offering the highest objectivity.
What is an Internal Audit Checklist? An internal audit checklist is an invaluable tool for comparing a business's practices and processes to the requirements set out by ISO standards. The internal audit checklist contains everything needed to complete an internal audit accurately and efficiently.
The principles of independence, objectivity, competence, confidentiality, professionalism, due professional care, and continuous improvement are essential for the internal audit function to fulfill its role as a trusted advisor to the organization.
ISO audit preparation checklist
Make sure employees are trained and ready to discuss their roles. Fix any non-conformities from earlier audits and keep all required records easily accessible. Conduct internal audits to confirm that processes are being followed and that daily operations match the documentation.
An ISO certification will require time, effort, and improvement from all areas of the business. However, the steps that must be taken are worth it for any company. It will benefit business owners, employees, and customers.
An audit should start with a meeting with the process owner to make sure that the audit plan is complete and ready. Then there are many avenues for the auditor to gather information during the audit: reviewing records, talking to employees, analyzing key process data, or even observing the process in action.