During an internal International Organization for Standardization (ISO) audit, your company assesses its quality management system (QMS) to determine if it complies with ISO 9001.

Companies use the ISO 9001 standard to demonstrate that they can consistently provide products and services that meet customer needs and regulatory requirements. Organizations also use ISO 9001 to demonstrate that they are continually improving their products, services, and processes. 

An internal ISO audit often takes place during the implementation of your quality management system as well as after certification. 

An internal audit can uncover any flaws in your quality management system and identify anything you need to improve before your external ISO 9001 certification review. 

Here are some tips to help you prepare for an internal ISO 9001 audit:

Prepare Your Workers

You have to prepare your employees as well as management for this ISO audit. Be sure they’re knowledgeable about these features of your quality management system:

    • Quality policy: Review the quality policy with your employees and ensure they all understand your quality management system. 
    • Quality objectives: Ensure your employees understand your quality objectives and how they can help achieve them. 
    • Training: Properly train your employees to perform their roles according to ISO 9001 standards.
    • Documentation: Make certain that your employees and management know where they can get updated copies of documentation for work instructions, procedures, and forms pertaining to their roles and/or departments. 
    • General audit information: Let your employees know about the scope of the internal audit, when they’ll likely be audited, and what the auditor might be checking for in their business units.
  • Interviews: Your employees should be able to answer the auditor’s questions honestly and confidently. However, if they’re unsure how to respond to any of the auditor’s questions, they should just say, “I don’t know.”

Review Documentation

Ensure your employees understand the documentation that pertains to their roles and departments and ensure the documentation is accurate. The following documents should be available:

  • Quality policy
  • Procedures
  • Scope of the quality management system
  • Process map or flowchart
  • Quality objectives
  • Work instructions
  • Forms
  • Records 

Before your internal ISO audit, go over your documentation to ensure:

  • It’s up to date with your current quality management system
  • Management has approved the documentation and your employees support it
  • Leadership and employees are using the documents correctly
  • You remove any obsolete or outdated documents

Ensure Everyone is Following the Procedures

Everyone in your company should follow all the procedures that your organization has implemented under ISO 9001 standards. 

Ensure your employees are aware of and follow any updated quality management system procedures pertaining to their roles and departments.

Take Corrective Actions

During an internal ISO audit, take action to fix any problems as soon as the auditor identifies them. If an auditor finds any issues during your ISO audit, he’ll allow you enough time to repair them. If you’re able to resolve the problems, you can still be certified. 

On the other hand, if the auditor discovers a problem in your quality management system that you’ve known about for some time but hasn’t resolved, you might not achieve certification. 

Consequently, it’s extremely important to address any issues uncovered in your internal ISO audits before your certification audit. Also, be sure that you verify the effectiveness of your corrective actions and that you have documentation to support that effectiveness.

Some of the most common major issues in quality management systems include:

  • Not defining stakeholders
  • Lack of monitoring and measurement processes
  • Lack of evaluation of internal or external risks
  • Lack of corrective action plans to mitigate risks
  • Not recording and documenting corporate knowledge effectively
  • Control of documents and data is weak

A typical corrective action plan to help address these issues includes focusing on developing clear processes to update and review your procedures.

Conduct Regular Internal Audits

If you’re performing regular internal audits, you’ll be able to uncover any issues pertaining to the requirements of ISO 9001 and fix them before your official certification audit. 

Additionally, regular internal audits help prepare everyone in your company for the ISO 9001 certification audit.

Before the Audit Ensure a Good Management Review

A good management review assesses your quality management system. Your senior management should review the following at least once a year:

  • Quality policy
  • Goals for the coming year
  • Customer feedback
  • Non-conformity issues and corrective actions
  • Status of internal audits
  • Changes to regulations and processes

You should document these management reviews according to the requirements of ISO 9001. It’s important to follow each review with an action plan to fix any issues identified in your quality management system during the review before the next internal audit.

Track Your Progress

The auditor will want to see documentation indicating that you tracked your progress while you were implementing your ISO 9001 quality management system. 

This includes evidence that you’ve been following your plan and meeting your business objectives. However, it’s acceptable to change your objectives if the business climate has changed since you set these goals. 

Be Professional

The ISO 9001 certification audit is critical to your company, your employees, and your customers. If you want your auditor to do his best work, it’s important that you provide him with a clean and organized workspace. 

So make an extra effort to ensure that all your organization’s work areas are clean and organized, including desks, offices, and floors. And organize all your paperwork or documentation and ensure the auditor can access it easily.

Before the official ISO audit, your managers should conduct an inspection to make certain that everything is neat and where it should be.

The External ISO 9001 Certification Audit

The last step before you receive your ISO 9001 certification is the external ISO 9001 certification audit. An external auditor will assess your quality management system and documentation to determine if you’ve complied with all the ISO 9001 requirements.

Based on these findings, the auditor will grant the certification or ask you to take certain corrective actions before he grants the ISO 9001 certification. 

Typically, the external audit takes place after you’ve successfully completed your internal ISO audit and have compiled at least two to three months’ worth of records and documentation from your ISO 9001 procedures.

The official external ISO 9001 audit is divided into three steps: the beginning meeting, the auditing process, and the ending meeting. 

Beginning Meeting

First, the leadership team and the external auditor meet to go over any notes from the management review meeting as well as your company’s quality objectives. 

During the meeting, the auditor talks about their role and the auditing schedule. The audit could take as long as a week, depending on the size of your company. 

Auditing Process

After the opening meeting, the external auditor goes over the processes of your quality management system guided by his audit schedule.

The auditor will then visit some or all of your departments to determine whether you’ve implemented the ISO 9001 requirements noted in your documentation. The auditor will conduct interviews with your employees to check whether they’re following these requirements. 

Depending on what the auditor finds, the auditor may decide to perform additional evaluation. During this step, you and your team will gain an understanding of what you’re doing well and what you need to improve. 

Ending Meeting

If your external auditor identifies any issues with ISO 9001 compliance, he will meet with your company’s management to voice his concerns. He will also let you correct these problems before you receive your ISO certification. 

Your auditor may even recommend some corrective actions based on his findings. He will include this information in an audit results report for senior leaders and employees to review.

However, if your auditor doesn’t find any major problems with your quality management system, he’ll issue the ISO 9001 certificate right after the audit.

Maintaining Your ISO 9001 Certification

An ISO 9001 certification lasts for three years, after which you must have another external audit to renew your certification. 

If you’ve maintained your quality management system successfully and you’re up to date with your internal audits, then the external audit should be pretty painless. In addition, if you’ve implemented an effective quality management system, then the improvements will be automatic, increasing your chances of maintaining certification. 

It’s worth the time, effort, and money to implement a quality management system in your company in accordance with ISO 9001 standards. 

And even though you may be intimidated by an external ISO 9001 audit process, an external ISO 9001 audit will help you learn more about your company’s strengths and weaknesses.