QMS Certification Blog

Your Internal Audit Should Follow These 4 Steps

There are two main types of audits in the ISO certification cycle. The external audit, which is done by a registrar just like QMS, and an internal audit, which is conducted within the organization. It is important to note that conducting an internal audit is not optional and it is required to get an ISO certification for your company. Let’s look at the 4 steps that take part in an effective internal audit.

In a nutshell, internal audits help you prepare for external audits. It is used to assess readiness for ISO certification and conformity to the requirements of the ISO standard. In addition, internal audits evaluate effectiveness of your management system, but in order for them to provide value we recommend the following steps to take place.


Planning is Key

The first step for an effective internal audit is planning and programming both the frequency of audits and which processes will be covered in each of them. How often internal audits will be conducted is up to you and this should be dependent upon your scope of work and your own criteria. Some points to consider are the complexity, risk and maturity of each of your company’s processes.

At this stage, your company should develop specific timetables detailing which processes will be audited and when. This should be shared in advance within your organization to the relevant people involved.


Competent Auditors

This second step in the internal audit deals with competence of the person in charge of the activity. Whether the auditor is someone within your organization, or an outside person hired specifically for this task, the auditor should have knowledge on the ISO standard and the proper credentials to perform an internal audit of your management system. The auditor must remain objective and impartial at all times.



Much like planning and programming, communication is a very important aspect of an internal audit. The audit should be concluded with a closing meeting where all findings are communicated. These can include non-conformities, positive observations and recommendations for improvement. How the findings are communicated is also key, the idea is to do so in a constructive and positive manner that leads to continuous improvement.



Last but not least, recording and monitoring results is the last step of an effective internal audit. It is imperative  for the company to keep record of all findings as they will be checked during the external audit.

In addition, non-conformities should be taken care of and improvements should be made. At this stage, your company should assign and establish roles and responsibilities in monitoring the actions that are needed to deal with implementation and improvement.

For an internal audit to be effective, it should be done with a teamwork approach, remembering at all times its main objective: to make sure your company runs effectively and adding value to your processes.

To get more information about ISO certification, or if you need assistance finding an internal auditor near your area, don’t hesitate to email us at contact@qms-certification.com.


QMS Certification

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Join the newsletter!

Subscribe to get latest content by email.

Compliance in the Third Sector Understand Its Importance

Compliance in the Third Sector Understand Its Importance

The third sector is a sphere of economic activity that encompasses non-governmental organizations (NGOs), associations, foundations, and other entities that operate for social, environmental, cultural, or community development purposes, but which are often used for fraudulent activities, hence the relevance of compliance in the third sector.

Become an ISO Certification Auditor

Become an ISO Certification Auditor

Everything you need to know about becoming an ISO certification auditor (ISO 9001, 14001, 45001, and other standards) and achieving professional success!

Scroll to Top