Telephone: 01908 041464 | Email:

6 easy steps to better ISO 9001 internal audits

Friday 23rd September 2016

6 steps to better ISO 9001 internal audits 

If you are part of a company which has ISO 9001 internal audits for your quality management system, you will be only too aware of the frustration these can sometimes cause. If you are one of the large number of companies that sees no value in the Internal Audit, it’s time to take a fresh approach. Follow these 6 easy steps and you'll be on your way to better ISO 9001 2015 internal audits. 

There are some basics that you have to have in place of course. You must have an Internal quality audit plan, you must have competent auditors, and you should have a management review process that is working. These are all requirements an ISO 9001 external auditor will check. 

In our experience, a good Internal Audit programme starts with the Management Review. If your management team are engaged with the quality system, you can have a good discussion to plan the audit activity. (Note though that the length of time you plan ahead is yours to decide, although you should have a good idea that over the course of a three year certification period, you will aim to look at all the processes in the scope of the system, and also check that you meet the requirements of the ISO management system).

Step 1. Let the management review team agree

If the management review team can have a good discussion about the areas they want to audit, they will be more enthused to see the outcomes of the internal audit. For example, if they see or perceive problems in a certain area, then an internal audit (which is an investigation) will help bring clarity to the situation. (Depending on the amount of material you get through, this could occur at the review meeting, or as a separate discussion which is signed off at the MR)

Step 2. Agree the ISO 9001 Internal audit plan

For each internal audit you agree to carry out, you can then decide the things you are going to look at. This will help inform who is going to audit, and how. For example, if the area being audited is very technical, then you should have someone who understands what’s going on during the audit. If they are not trained, have them accompany the auditor. The critical thing is that you gain useful and practical information to report back to the management team.

Big tip here; if you do this for each audit activity, and detail it on a table, you’ve just made a really useful audit programme.

Step 3 Do the ISO Internal audit

Go and do the audit. Remember that good planning is important; find out what you can about the process or area beforehand, plan and list out what you want to check, discuss it with the auditees and then follow it through.

Step 4. Detail the Internal Audit findings

There are multiple findings from an internal audit. From the details of what you’ve seen, you need to be able to detail what’s going on according to the planned arrangements (e.g. process maps, procedures, or other requirements), and also what is not following those arrangements. In addition, there may be some observations that you see; things that you or the auditees think could improve, or things that don’t go well but no one has done anything about to correct.

Now this next suggestion may prove challenging to some; DO NOT DECIDE ON THE NON-CONFORMANCES AT THIS STAGE. After all, your management review team wanted this audit to take place, so take the findings back to them and discuss them. Let them decide whether or not the situations you found are non-conformances. (Note again; this might be at the management review meeting, or at a separate working session depending on what you have to get through - you don't want the Management Review meeting to get bogged down in detail) 

Step 5. Discuss the findings and agree Corrective Actions

At this stage, you are going to take the audit findings back to the management review team. Take a relevant person from the area or process you audited as well, and then you can discuss what you have found. This is a great way to short cut a lot of delays that many organisations find in closing out non-conformances because if the management decide it needs fixing, it will be fixed. They will help prioritise the activity.

Step 6. Decide on the next audit

Now go and repeat Step 1. Over time, your ISO 9001 internal audits will begin to reveal more and more opportunities for improvement as your skills increase. 


Congratulations, you’ve now achieved more than many organisations:

  • You’ve got good management commitment to the ISO 9001 Internal Audit programme
  • You’ve got an effective method of prioritising ISO 9001 Internal Audit non-conformance
  • You’ve got commitment from the rest of the organisation to get the ISO 9001 Internal audits done

Related Articles

5 steps to improve your Quality Management System
New Year objectives for your ISO 9001 Quality system
Tips on choosing an ISO 9001 Certification Body

Adam Faiers - Director

Adam has been working on Quality and Environmental management systems for most of his career in small, medium and corporate organisations. A keen advocate of the ISO approach as a platform for improvement, Adam ensures that systems are practical and useful for Managers and Staff to use.

Following a number of years working on software development projects, Adam has diversified into Information Security and Business Continuity management. Keen to formalise his industry experience, he is currently undertaking a Diploma in Business Continuity Management at Buckingham University.

Adam has a PhD from Cranfield University and now supports the MSc Environmental Management programmes through the advisory panel and visiting lectures.

We hope this article has been helpful

If you have any further questions or want to learn more about what we can do for your business, please contact us using the link or details below:


Tel: 01908 255 525