Telephone : 01908 041 464 | Email :
Quick Jump

Build an effective ISO Internal Audit Programme

3 steps to building an effective ISO Internal Audit programme

You can build an effective Internal Audit programme for your ISO Management systems quickly and easily.

We’ve laid out three steps in this short video that will help you meet the requirements of Clause 9.2 in all the ISO management systems (including 9001, 14001 and 45001). Follow these steps and you’ll soon be auditing the critical parts of your management system.

For more detail, ask us about our full ISO Awareness and ISO Internal Audit training packages.

Why should I do Internal Audits for my ISO Management System?

This presentation gives a quick overview into Internal audit programmes for ISO Management systems:

  • Why you need to do Internal audits
  • How to build an Internal audit programme
  • How to review your Internal Audit Programme

The ISO Standards require that you carry out Internal Audits for your ISO management system

See Clause 9.2 – they need you to check that you are:

  • Meeting the requirements of the standard
  • Meeting your own organisational requirements
  • Implementing or maintaining an effective management system

Clause 9.2 of ISO 9001:2015 necessitates you to establish, implement and maintain an internal audit programme in order to ensure compliance to the standard, and also your own requirements. The internal audit programme should also ensure that the system is in place and effective.

The minimum requirements for auditing are:

  • An up to date audit programme
  • Clearly defined scopes for each audit activity
  • Auditors that are impartial and competent
  • Results that are reported to the management team
  • Effective management of any findings

You will need to maintain documented evidence of the audits carried out for future analysis at management review. They will also be reviewed by external auditors as a central requirement of any ISO audits.

A management team can use an effective internal audit programme as a tool to investigate processes that are being operated in order to ensure they are being carried out as intended. You can also use the process to identify alternative approaches or amendments and improvements to how you operate.

From an external point of view, you can use the audit programme as a means to demonstrate to customers and regulators (including Certification Bodies) that you have your processes under control.

Effective audits will help ensure the suitability and adequacy of your QMS. They will improve the effectiveness of the systems, internal processes, and governance.

Is there a difference between an internal and external audit?

  • External audits are carried out by a third-party certification body, customers or a regulator. These will be against the criteria set by the Standard. Findings can potentially be used in prosecutions, commercial arrangements or loss of certification.
  • Internal audits will be carried out by a competent internal person, or a contracted consultant and will be against a programme determined internally. Findings are managed internally and provide evidence that your system is effective. You have to carry out internal audits; external audits cannot serve as a proxy.