Audit is defined by ISO as “Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.” Internal audits are also called first party audits. They are undertaken to assess the working of the organizations Quality Management System and its conformance to ISO 9001:2015 and regulatory and statutory requirements. They also provide inputs to the management review and help in improving the system. They also find out the non conformities and lead to corrective actions to remove the cause of nonconformity. Internal Auditing

Reasons for a first party audit

  • It is required by ISO 9001:2015 clause 9.2
  • Provided feedback and control for management
  • Leads to the correction of nonconformities before the external auditors find them
  • Leads to systematic improvement of the quality management system

Systematic means that the organization must plan its audits in a comprehensive and detailed manner for evaluating and clarifying how business systems are working.  Independence is assured by employees auditing a department to which they don’t belong. Objectivity is an unbiased mental attitude in which no compromises are made. Audit criteria is the set of policies, procedures or requirements against which the audit is conducted e.g. ISO 9001, ISO 14001. Audit scope defines when, where and what shall be audited. Scope of your internal audit program should cover the following:

  • Operational process audit in order to determine conformity of products and services to customer and regulatory and statutory requirements.
  • QMS audit for determining conformity to ISO 9001:L2015.
  • QMS audit for determining conformity to Quality Management System requirements.
  • QMS processes and its interaction audit for determining if the QMS is effectively implemented as well as maintained.

When setting the time frame for the audit the organization should consider the organization size, complexity of processes and products, customer, regulatory and statutory authorities and health of your QMS. Normally internal audits are held every six months. You may have to readjust the time frame for audits depending on the following factors:

  • External or internal nonconformities
  • Complaints from customers
  • High risk or critical processes
  • Significant or frequent changes to products and processes

You should consider the following when conducting an audit

  • Results from previous audits
  • Customer focused processes
  • Product and process expectations and performance results
  • Continual improvement opportunities
  • Customer feedback

ISO 19011 Guidelines for quality and environmental auditing says that auditors must have knowledge of the quality management system standards and their application with respect to the organization. The organization must set aside appropriate resources for the internal auditing. There should be trained auditors in sufficient numbers and sufficient time to conduct the audits. Personnel from the department to be audited should be available. Auditors cannot audit their own work. Auditors must have independence and ensure objectivity and impartiality during the audit. If nonconformities are detected during the audit, the department concerned should apply the corrective action procedure and undertake root cause analysis to find out the reason for nonconformity and take steps to remove it. The manager of each process should analyze the results of audits to find out the strengths and weaknesses in the QMS processes and products. They should find out opportunities for improvement and prioritize them. Audit records should be kept and comprise of the annual audit schedule, audit planning for example scope, criteria, frequency, auditor selection and methods, auditor competence & training, audit forms and checklists, audit notes & other evidence, audit findings, audit reports as well as corrective actions and audit follow up for resolution of nonconformities and capitalizing on  opportunities for improvement.

Categories of Quality Audits

  • System Auditslook at a management system having a number of processes and is spread ove many departments.
  • Process Audits are focused on auditing a particular process or department.
  • Product Auditsare focused on auditing the product or service itself, It may be an inspection activity.

Audit stages

  1. Determine audit focus
  2. Make preparation
  3. Perform audit
  4. Report findings in initial findings report
  5. Determine corrective actions
  6. Update findings report with corrective actions
  7. Conduct corrective actions
  8. Update the findings report when actions have been completed
  9. Do follow up
  10. Closure

Benefits of Quality Audit

  • It is a driver of continuous improvement
  • Allows management to know about problems
  • Delivers inputs for management decisions
  • Demonstrates management support of the quality management program
  • Verifies compliance to ISO 9001 and legal requirements


Some guidelines for effective internal auditing the auditor are as follows

  • Not to be biased
  • Keeping an open mind
  • Not to be argumentative
  • Being patient
  • Should let the participant know that audit is for continuous improvement
  • Should state the facts always
  • Should not correct the participant on the spot
  • Should report clearly and accurately
  • Should be familiar with the procedure being audited