What Are ISO Internal Audits?

What Are ISO 9001 Internal Audits?

ISO 9001, ISO/TS 16949, AS9100 and TL9000 internal audits are required to be conducted to determine the effectiveness and efficiency of a company's processes and system in meeting customer requirements.

What Are ISO 14001 Internal Audits?

ISO 14001 internal audits are designed to determine if an organization's environmental management system is adequate to prevent pollution and reduce the use of natural resources.

Internal Auditing is a high-value skill that current and prospective employers look for in employees. Even those companies that are not certified to ISO 9001 or another quality management system standard recognize the value of the knowledge a person has when they understand the importance of the process approach to managing for superior results.

ISO 19011 Auditing Guidelines

The guidelines for auditing to ISO 9001 are covered in ISO 19011 or the U.S. version QE 19011s:2004 - Guidelines for quality and/or environmental management systems with supplemental guidance for small business. As you probably noticed this guideline also covers auditing to the environmental standard ISO 14001.

If you are performing conformity assessments and certification audits you must also comply with ISO/IEC 17021:2005. This document is for organizations that used to be called "Registrars" and are now referred to as Certification Bodies or CBs for short. CBs are audited to make certain they are following the auditing requirements and their auditors are competent. These type of audits are called "witness audits".

Audit Categories

There are two (2) basic categories of audits: External and Internal.

External audits are divided into two sub-categories:
Second (2nd) party, and Third (3rd) party.

Second party audits are where a supplier is audited by their customer.

A third party audit is where an independent organization performs the audit. For example, a certification audit is a third party audit because neither the customer nor supplier are performing the audit.

There are three (3) parties to every audit:

1. Client - The organization or person that has the authority to order the audit to be  conducted
2. Auditee - The organization to be audited
3. Auditor - The person(s) performing the audit.

In addition, there should be guides/escorts provided for external auditors. The guides or escorts must be knowledgeable of the complete system.
They will provide the auditor with the requested documents and records, acquaint the auditor with the company's rules regarding safety requirements and other general rules.
They should accompany the auditor during the auditor's movements throughout the company and make the introductions to the employees the auditor wants to interview.

ISO Internal audits

The internal audit is conducted by employees of the auditee. The auditee is also the client in first party audits. Some organizations have found it to be beneficial, from a cost, time and results standpoint, to sub-contract their internal auditing to consulting and auditing companies.

By sub-contracting the audit function to an outside contractor the company gets to see their operations through a fresh pair of eyes. Sub-contracting the auditing for ISO 9001, ISO/TS 16949 and AS9100 is permissible under the guidelines and the audits are still considered to be internal.

Internal Auditor Qualifications

What qualifications are needed for internal auditing to ISO 9001? That depends on the requirements set by the organization with guidance from their CB, if the organization is certified to ISO 9001.

The CB auditor's responsibility is to determine if the internal auditors are competent by auditing the results of the internal audit program. They can't demand or require any specific qualifications for internal auditors other than they are able to effectively conduct the audits as described in the organization's audit program.
                                                                                  
Certified Internal Auditor?

QPA offers a course to certify internal auditors for auditing to ISO 9001. QPA's ISO 9001 Online Internal Auditor course is offered as an eclass.

Most online internal auditor courses are sufficient to learn the fundamentals of auditing. The online learning needs only to be supplemented with practical experience by working with accomplished auditors in their company.

Internal Auditor Training Guidelines

In the U.S., an organization called RABQSA has issued guidelines for auditor courses. This includes lead and internal auditor courses. Therefore, any ISO 9001 auditing course needs to conform to these guidelines.

The ISO 9001 auditing course should include the following content and structure based on ISO 19011:

* An Introduction to Internal Auditing
* A complete review of ISO 19011:2002 or QE 19011s:2004
* Auditing for Improvement
* Purposes for internal audits
* Benefits of internal audits
* The audit cycle
* Keywords and definitions
* A complete review of ISO 9001:2000
* Audit planning and preparation (scope, purpose, depth, duration, etc.)
* Audit meetings
* Audit documents
* Auditor responsibilities
* Auditor attributes and skills
* Communication do's and don'ts
* Interviewing skills and the type of questions to ask and not to ask
* Documenting the audit findings
* Reporting the audit results
* Corrective action and follow-up.
* Workshops and/or case studies

If the course is to conducted by an external party or training company the instructor should be certified as an ISO 9001 auditor or lead auditor. This is not required if the company uses their own employees to train other auditors. However, it is recommended. 

What are Quality Management Systems?

What is ISO 9000?

What is ISO 9001?

What is ISO 9004?

What is ISO 19011?

ISO 9001-2008 Changes

Online ISO 9000/9001 Overview Course

Auditor Training: Online

Auditor Training Courseware

Additional Information Resources