An internal audit is a process of gathering evidence to determine the conformity of the Quality management system to the requirements of ISO 9001. Evidence gathered is applied to determine whether the audit criteria are fulfilled and the extent of fulfillment. Audits must be conducted objectively and independently in an impartial manner and in a professional as well as businesslike environment. Instead of acting like a cop, the auditor should move in like a physician exploring the system to know its health. The auditee should be reassured that the aim of the audit is to strengthen the QMS. The audit should be thoroughly documented and conducted in a systematic manner.
Internal audit is the first-party audit. It is a required process under ISO 9001, meant to verify whether QMS is implemented completely, and effectiveness is being maintained and improved upon. An Internal auditor can’t audit his own area of responsibility. A qualified audit team can issue a self-declaration that the organisation complies with the requirements of ISO 9001.
Audit criteria for Internal audit
Audit criteria are the requirements of the ISO 9001 standard of the 2015 version. Legal requirements, procedures, and policies can also be used as audit criteria in different types of audits.
Internal audit process requirements:
Clause 9.2.1 of ISO 9001:2015 states the objectives: Conduct internal audits at planned intervals to provide information on whether the quality management system:
- Conforms to the organisation’s own requirements
- Requirements of ISO 9001 internal audit, are effectively implemented and maintained;
Clause 9.2.2 states the mandatory requirement to Plan, establish, implement, and maintain the audit program. The audit program must establish methods, frequency, and responsibilities. Audit Planning is a requirement and audit reporting must be taking into consideration(keeping in mind) the (relative)importance of the processes as well as the changes affecting the organisation’s as well as the results of previous audits.
An Internal Audit program must ensure that:
- Scope, as well as audit criteria, are defined for each audit,
- The auditor’s (team) selection and conducting of the audits must ensure an objective as well as an impartial auditing process
- Audit results must be reported to the relevant management
- An organisation must initiate, plan and implement necessary correction and corrective actions (measures) without undue delay (in an expeditious manner)
- Retain evidence (documented information to be retained) of implementation of the audit program as well as audit results (Mandatory documented information).
Internal audit: a critical process for ISO 9001 certification
Internal audit is a critical process for maintaining the health of organisation’s business processes and the QMS as a whole. ISO9001 consultants can train and guide you to build effectiveness in the critical processes and enable you to navigate to the successful certification to the requirements of the standard. The certification auditors will verify whether internal auditors are qualified, whether critical processes are covered by auditors, whether process approach is verified by auditors, and whether the effectiveness of corrective actions has been verified and lessons learned from nonconformities have been adopted in other areas and processes of the organisation. Results of internal audits must be reviewed in management reviews and necessary changes to QMS and the critical processes may be considered by the top management in the light of the audit results.