Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

10 Tips for the ISO 9001 Internal Audit

The ISO 9001 internal audit is a mandatory requirement when certifying to the standard for a Quality Management System. Not only does it check that you remain compliant to the requirements of the standard, but it also gives senior management confidence that the Quality Management System is providing the benefits to the business it is expected to.

In this short blog, Ted Spiller, CertiKit’s Compliance Consultant, provides his 10 tips to conduct a successful ISO 9001 internal audit. As an auditor with experience both as an internal auditor and a 2nd party auditor, he has learnt the things that work well and those that don’t and hopes these recommendations will help with your internal audit.

Tip 1 – Preparation

The audit schedule should have the areas of the standard that need to be audited, so make sure you know what you are expected to audit.  A week or two before the audit, ask the auditee(s) for any relevant documents, these could be standard operating procedures, work instructions etc., to review.  These will help you to identify associated documents to check during the audit as evidence that the auditee(s) are doing what they are supposed to be doing. Take some time to review the previous internal audit for the auditee(s). Are there any nonconformities or observations that need to be followed up?

Tip 2 – Prepare your questions

Whilst reviewing the documents start writing down the questions you may want to ask to clarify areas of the procedures or processes. Make sure your questions are open and not closed. You are trying to get information and a closed question will result in a yes or no answer. I like the ‘describe to me or explain to me’ open questions.

Tip 3 – Be an investigator and not an interrogator

The audit isn’t a witch hunt. You must be impartial and level-headed. You are more a detective than an inquisitor. Be a listener.  When asking a question allow the auditee time to answer and don’t be tempted to jump in if the auditee doesn’t answer straight away.  Use the silence to encourage a response from the auditee.  Be prepared to ask the question from a different angle if the auditee isn’t sure what exactly you are asking.

If it is a process that you are auditing, then get the auditee to walk you ‘along’ that process. This is a good way to actually ask those doing the process questions that may clarify the process.

Tip 4 – Stick to the ‘script’

The auditor must stick to the scope of the audit and not go off track. You are looking for compliance and not how the department conduct their work.

Tip 5 – Be open and honest

Leading on from the previous point, if you don’t understand the answer, ask the auditee to explain further. The audit is a two way communication forum, and both the auditor and auditee must have a level of trust and honesty. A friendly demeanour helps break down barriers and promotes open communications.  If you see or hear something that doesn’t look right, tell the auditee, there may be a reason for it. Let them explain.

Tip 6 – Do not labour points

Don’t get embroiled in a heated exchange if either the answer you get is not to your liking or the auditee becomes defensive.  Remember, be level-headed and professional.  If it seems you are going around in circles, park that question for clarification or expansion later. But make sure you revisit it.

Tip 7 - Keep good notes

The tip above is one reason to keep good notes, for points you want to revisit. Keeping good notes will help when it comes to producing the ISO 9001 internal audit report too. I find it useful to sketch processes if they are complicated with notes at each stage. In your notes highlight those that are observations or nonconformities along with the reasons.  Try and keep your notes legible, you may need to show them to the auditee as you go through the audit and maybe share them with the lead auditor after the audit.

Tip 8 – Hold a closing meeting

If the audit goes on longer than expected, I have seen some auditors drop the closing meeting stating that all the findings will be in the report. This is wrong.  The closing meeting is important and is used to clarify your findings, explain to the auditee(s) any observations and/or nonconformities and a chance for them to contest them or come up with some actions to either implement the observations or correct the nonconformities.  Even if you have to have the closing meeting the next day, don’t just drop it.

Tip 9 – Get the report out quickly

While it is fresh in your mind complete the audit report. Check the information against your notes and make sure you identify the relevant documented information used to verify compliance, such as checklists, meeting notes, etc. Once you have completed your report send it to the Lead Auditor to review it, there may be a few tweaks or clarification that they suggest go in. Once complete send a copy to the auditee and the Lead Auditor. As a rule, I get my audit reports out within 48 hours at the latest.

Tip 10 – Follow up any actions

During the closing meeting, if there were any nonconformities, the auditee(s) would have discussed initial actions to address them. These would be included on the nonconformity form. This form must go to the auditee(s) for them to complete the section on actions and completion dates.  As the auditor, you need to check up on these. I always put a reminder on my calendar the week before a nonconformity is due to be ‘fixed’. On that day I contact the person responsible to complete the solution to see how it is progressing and if they are going to close the nonconformity on the agreed date. If you don’t do this then, in my experience, nonconformities just don’t get closed. Which in itself a nonconformity.

The ISO 9001 internal audit is an important part of the standard and is a crucial part in the continuous improvement and a measurement of the efficiency of it. I hope you have found these tips useful.


More ISO9001 Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO9001:2015 standard, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free ISO9001 Resources

We’ve helped more than 7000 businesses with their compliance

Testimonials

The structure is excellent, clear, precise and easy to digest. The content is professional and the guidance is extremely helpful. I cannot fault it!

HSDC
UK

View all Testimonials