Conducting an Internal Audit for ISO

For a free trial of the Qualtrax eQMS: https://www2.qualtrax.com/l/32172/202...

In this webinar with A2LA, we heard from Jonathan Fuhrman, their product certification program manager, about best practices for conducting an internal audit for ISO.

Why do we perform internal audits?

There are multiple reasons that your organization might need or want to conduct an internal audit. First off, the audit records can serve as an objective picture of where your organization stands in respect to quality and compliance goals. Beyond that, audits can be an investigative exercise to look for opportunities for improvement.

One major reason for conducting internal audits is to meet third-party requirements (like from your accrediting body!).

You could also use the results of internal audits to serve as a status report for management. It’s going to give them insight into where the organization stands and where it’s headed in relation to its goals. It can give management an idea of how to steer the organization moving forward.

Jonathan says you need somebody who has a solid understanding of the management system and the objectives. They also need to be familiar with the history of the company and a background in the areas of the audit. You want someone who is going to be able probe and analyze without giving off an interrogative vibe when they’re interviewing the team. Positivity and objectivity are important. The auditor needs to maintain independence throughout the audit – so you don’t want people to be grading their own work. Audits are about finding facts, not faults so the auditor should really focus on verifying compliance. Audits shouldn’t give the auditor “joy” when writing deficiencies.

An ideal auditor also needs to have strong communication skills. They need to keep it simple by being clear, brief, direct, and focused. It’s also important to realize that there are three ways of receiving information: seeing, listening, and experiencing (spend most of your time listening). They also need to know how to express comments and questions in a positive way.

Audit Reporting and Follow-Up
The outcome of the audit needs to be documented. The contents of the report need to include a factual description of the audit activities it covers and provide a fair and accurate picture of the quality system audited. Jonathan also recommends including a discussion about the planning and sampling methodology.

In preparation for the company’s next internal audit, the following should be considered for placement on the audit schedule for the next internal audit:
Any area with questions arising from the last audit,
Any area that had deficiencies identified,
And any areas not fully evaluated.

Internal audits are compliance based and all deficiencies must directly relate to the relevant standard, method, etc and they must be supported by objective evidence. Be sure to plan and prepare for the internal audit and use the right people for the job. Check out Qualtrax to see how we can help your organization move beyond compliance!