There are two main types of audits in the ISO certification cycle. The external audit, which is done by a registrar just like QMS, and an internal audit, which is conducted within the organization. It is important to note that conducting an internal audit is not optional and it is required to get an ISO certification for your company. Let’s look at the 4 steps that take part in an effective internal audit.
In a nutshell, internal audits help you prepare for external audits. It is used to assess readiness for ISO certification and conformity to the requirements of the ISO standard. In addition, internal audits evaluate effectiveness of your management system, but in order for them to provide value we recommend the following steps to take place.
Planning is Key
The first step for an effective internal audit is planning and programming both the frequency of audits and which processes will be covered in each of them. How often internal audits will be conducted is up to you and this should be dependent upon your scope of work and your own criteria. Some points to consider are the complexity, risk and maturity of each of your company’s processes.
At this stage, your company should develop specific timetables detailing which processes will be audited and when. This should be shared in advance within your organization to the relevant people involved.
This second step in the internal audit deals with competence of the person in charge of the activity. Whether the auditor is someone within your organization, or an outside person hired specifically for this task, the auditor should have knowledge on the ISO standard and the proper credentials to perform an internal audit of your management system. The auditor must remain objective and impartial at all times.
Much like planning and programming, communication is a very important aspect of an internal audit. The audit should be concluded with a closing meeting where all findings are communicated. These can include non-conformities, positive observations and recommendations for improvement. How the findings are communicated is also key, the idea is to do so in a constructive and positive manner that leads to continuous improvement.
Last but not least, recording and monitoring results is the last step of an effective internal audit. It is imperative for the company to keep record of all findings as they will be checked during the external audit.
In addition, non-conformities should be taken care of and improvements should be made. At this stage, your company should assign and establish roles and responsibilities in monitoring the actions that are needed to deal with implementation and improvement.
For an internal audit to be effective, it should be done with a teamwork approach, remembering at all times its main objective: to make sure your company runs effectively and adding value to your processes.