WHAT IS AN ISO INTERNAL AUDIT?
An ISO internal audit is the systematic approach of gathering and assessing the details about an organization’s processes to identify their level of compliance with their adopted standard. Normally within 3 years, an organization will have both ‘internal’ and ‘external’ audits completed.
Internal audit, which is performed independently by an organization may use internal employees or either an ISO consultant which is equipped with knowledge and experience of your industry. Internal auditing is an evaluation of the efficiency and effectiveness of a certain organization. An external audit, on the other hand, is done to appraise your organization’s compliance with the standard. External audits are carried out by third-party auditors that are affiliated with a Certification Body.
ISO standards require internal audits. However, it cannot give you an ISO certificate.
OBJECTIVES OF INTERNAL AUDITS:
Internal audits are performed in order to determine the efficacy of an organization’s quality and risk management systems in compliance with one or more ISO standards. Different companies conduct internal audits to evaluate and further enhance the effectiveness of their organization’s capacity by putting an emphasis on any shortcomings and ensuring every action is geared towards successful compliance.
THE PROCESS OF INTERNAL AUDITS:
To be able to clearly define the objectives, a well-planned internal audit process is of utmost importance. The process must include a schedule set for every activity as well as deadlines for each. Remember that all tasks that are subject to execution must be clearly defined to avoid mistakes, as much as possible.
Step 1: Clearly Define the Audit Objectives
Before the audit, conduct planning and gather the relevant information. The assigned auditor should be able to define the audit objectives and scope. He then starts to develop the audit scheme to properly define the audit testing method. This step usually involves a thorough review of the results from the last time an audit was conducted in a particular area.
Step 2: Audit Announcement
Once the objectives have been clearly defined, it is time to issue an audit engagement memorandum to the person in charge of the area where the audit will take place. The purpose of the memorandum is to announce the audit objectives, to break down into pieces the planned review process, and to set the expectations for the outcome of the audit
Step 3: Audit Entrance Meeting
An auditor must initially meet with the auditee to talk about the scope and audit steps. During this meeting, the auditee should be able to provide an outline of major programs and activities, contact persons, policies and procedures, as well as other relevant details that will support the auditor during the auditing. The length of the audit should also be discussed by both parties.
Step 4: Field Research
After the discussion at the meeting, the auditor will then gathers the information and conduct audit testing to gain an understanding of internal activities. Examining the evidence and other relevant records whether effective internal controls took place.
Step 5: Reviewing and Transmittal of Results
If the auditor finds potential weaknesses or violations in policy or procedure during auditing, they should be discussed with the auditee to determine the most appropriate corrective actions and preventions. The auditor must fully discuss any observations with the auditee to ensure that those identified issues and their associated risks are understood.
Step 6: Exit Meeting
The auditor formally meets with the management to talk about their observations and audit recommendations that will be included in the audit report. The recommendations must be discussed and explained thoroughly and must be agreed upon by both parties. This is done to make sure that the auditee’s response is achievable.
Step 7: The Audit Report
The management, upon receiving the audit report must review all audit issues as well as the agreed recommendations by the auditor for accuracy and completeness. After the review, the auditee must be able to present a formal response with the proposed action plan.
FOLLOW UP AUDITS
In case there were significant observations included in the audit report, a follow-up audit must be conducted within 6 to 12 months after the completion of the original audit. During that time, the auditor may request details about the status of the agreed corrective actions by the auditee/management.
INTERNAL AUDIT CHECKLISTS
An internal audit checklist is a great reference to make sure that the proposed steps of the internal audit are executed effectively and appropriately.
TWO TYPES OF AUDIT CHECKLIST:
- Supplier Audit Checklist
- Process Audit Checklist
Supplier Audit Checklist – the supplier audit checklist is designed to help suppliers determine the compliance of a company with the requirements from ISO 9001 standards.
Process Audit Checklist – the process audit checklist is used to assess the company’s different processes for performance within ISO 9001 requirements. It has an almost identical template with other checklists but is shorter in form.
The only difference between the two checklists is the tables and details as shown. Although the process audit checklist has audit questions, just like the supplier checklists, the major difference lies in the opportunities for improvement box, known as the OFI. This is the portion where suggestions and comments to improved are placed.
There is no doubt that internal audits offer many benefits to organizations. They support companies in setting the benchmarks for continual improvement of existing processes and systems, address any issues that stem from existing processes, and prepare them for ISO 9001 certification.
If your company is planning its next internal audit, preparing an internal audit checklist such as those mentioned above will significantly make the process go flawlessly and well-organized.