Internal audit is a process of gathering evidence to determine the conformity of the Quality management system to the requirements of ISO 9001. Evidence gathered is applied to determine whether the audit criteria are fulfilled and extent of fulfilment. Audits must be conducted objectively and independently in an impartial manner and in a professional as well as businesslike environment. Instead of acting like a cop, the auditor should move in like a physician exploring the system to know its health. The audited should be reassured that the aim of the audit is to strengthen the QMS. Audit should be thoroughly documented and conducted in a systematic manner.
Internal audit is the first party audit. It is a required process under ISO 9001, meant to verify whether QMS is implemented completely, and effectiveness is being maintained and improved upon. Internal auditor can’t audit his own area of responsibility. A qualified audit team can issue a self-declaration that the organization complies with requirements of ISO 9001.
Audit criteria are the requirements of ISO 9001 standard of 2015 version (or 2008 version for sometime). Legal requirements, procedures and policies can also be used as audit criteria in different types of audit.
Internal audit process requirements:
Clause 9.2.1 of ISO 9001:2015 states the objectives: “Conduct internal audits at planned intervals to provide information on whether the quality management system:
- Conforms to
The organization’s own requirements
Requirements of ISO 9001,
- b) Is effectively implemented and maintained”.
Clause 9.2.2 states the mandatory requirement to “Plan, establish, implement, and maintain the audit program”. Audit program must establish methods, frequency, responsibilities. Audit Planning requirements and audit reporting must taking into consideration(keeping in mind) the (relative)importance of the processes as well as the, “ changes affecting the organization” as well as the results of previous audits.
Internal Audit program must ensure that:
- a) Scope as well as audit criteria are defined for each audit,
- b) Auditors’ (team) selection and conducting of the audits must ensure objective as well as an impartial auditing process,
- c) Audit results must be reported to “relevant management”
- d) Organization must initiate, plan and implement necessary correction and corrective actions (measures) without undue delay (in an expeditious manner)
- e) Retain evidence (documented information to be retained) of implementation of audit program as well as audit results (Mandatory documented information).
Internal audit: a critical process for ISO 9001 certification
Internal audit is a critical process for maintaining the health of organizations business processes and the QMS as whole.ISO9001 consultants can train and guide you to build effectiveness in the critical processes and enable you to navigate to the successful certification to the requirements of the standard. The certification auditors will verify whether internal auditors are qualified, whether critical processes are covered by auditors, whether process approach is verified by auditors and whether effectiveness of corrective actions has been verified and lessons learnt from nonconformities have been adopted in other areas and processes of the organization. Results of internal audits must be reviewed in management reviews and necessary changes to QMS and the critical processes may be considered by the top management in the light of the audit results.