Internal audits are an important component of any organisation’s quality management strategy. In addition, ISO 9001 internal audit requirements must be met by organizations hoping to comply with the standard.
The value of internal audits
Audits enable organizations to assess the compliance of their systems, processes, and products against their self-declared organisational objectives. The results of internal audits provide impartial evaluation of an organisation’s effectiveness.
ISO 9001 is the requirement standard of the ISO 9000 family of standards. It outlines the guidelines that an organisation must follow in implementing and maintaining a quality management system. This includes conducting internal audits at regular intervals.
Clause 9.2 of ISO 9001:2015 states that “the organization should conduct internal audits at planned intervals to provide information on whether the quality management system conforms to the organization’s own requirements, the requirement of ISO 9001:2015 standards and is effectively implemented and maintained.
The results of internal audits clarify the organisation’s compliance with requirements and provide guidance for corrective action as necessary.
A systematic, independent and documented process
ISO 9001 defines an internal audit as the “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.”
Businesses are required to conduct internal audits at planned intervals to verify adherence to their management systems and compliance with ISO 9001:2015 requirements.
Organisations must plan for internal audits by scheduling them at regular intervals and allocating the necessary resources for their implementation. Management support is a crucial in this process.
The audit must be carried out in an impartial manner by auditors who are themselves not responsible for the systems, processes or products being audited. They must be free of bias and conflict of interest.
The audit must document evidence of compliance requirements by way of observations, measurements, tests or other means. The results of the audit must then be communicated to management with recommendations of corrective actions, where necessary, which must be implemented without undue delay.
Basic audit requirements
The basic requirements of an internal audit are normally established by an organisation’s quality manager and consist of six key steps:
- Plan, establish, implement and maintain the organisation’s audit program
The program should include the frequency at which the audits will take place, the methods to be used, and the person(s) responsible for carrying out the audit. The quality manager will also establish the requirements and reporting mechanisms, and ensure that results and recommendations of previous audits are implemented.
- Define the criteria and scope of the audit
An important consideration is to ensure uniformity in the criteria from one audit, because this facilitates the ability to assess progress in implementing recommendations over time. However, the criteria should also be flexible enough to be changed as necessary, so that it remains relevant to the organisation’s objectives.
- Select impartial auditors
Internal auditors should represent the company but must be unbiased and not involved in any of the activities being audited, so that there is no conflict of interest.
- Report results to management
The results of an audit are meaningless if they remain only on paper. Internal audits represent valuable data set that assess the organisation’s overall compliance to ISO 9001 as well as areas that require remedy. These must be communicated to the organisation’s relevant management structures so that the necessary action can be taken. The results of the internal audit can also be used as part of the organisation’s communications management.
- Implement recommendations and corrective actions as soon as possible
The effectiveness of these measures should then be assessed in subsequent internal audits.
- Retain the documentation as evidence of implementation
This requires documentation management systems that ensures that records are readily available at the correct access levels as required for corrective action, internal reporting, and external audits.
Benefits of an auditing checklist
ISO 9001 provides an audit checklist that organisations are required to use when conducting internal audits.
The checklist includes questions for assessing an organisation’s context, leadership, planning and quality management systems, support structures, operations, performance evaluation and areas for improvement.
Advantages of using an internal audit requirements checklist:
- Checklists provide a reference in the planning of future audits.
- Audits proceed more smoothly when auditors know the specific requirements of the audit and further introduces consistency and objectiveness to the process.
- The results documented on the checklist can be used as an internal communication platform to motivate for corrective measures and improvements.
- The checklist becomes a repository for the findings of the internal audit and form part of the organisation’s requirements management documentation.
- A completed checklist serves as evidence that an internal audit was conducted and may be reviewed by external auditors.
A free version of the ISO 9001:2015 internal audit checklist can be found here.
isoTracker and ISO 9001
isoTracker offers modular, subscription-based quality management software that’s secure, cloud-based and affordable.
This includes audit management software, which is ideal for managing ISO 9001 internal audit requirements, as well as compliance with other ISO and FDA standards.
The auditing module can stand alone or integrate with one or more of our other modules, including document control, complaints management and training management modules.