INTERNAL AUDIT company’s management policies and

policies whilst providing suitable objective

What is an Internal Audit? The purpose of information that your company can act upon
an internal audit is to assess the to continually improve its performance.
effectiveness of your organization’s quality
management system and your organization's Adherence to the following principles are
overall performance. Your internal audits considered to be a prerequisite for ensuring
demonstrate compliance with your ‘planned that the conclusions derived from the audit
arrangements’, e.g. the Quality Management are accurate, objective and sufficient. It also
System (QMS) and how its' processes are allows auditors working independently from
implemented and maintained. one another to reach similar conclusions
when auditing in similar circumstances.
Why perform Internal Audits?
The following principles relate to auditors.
1. Ensuring compliance to the 1. Ethical conduct: Trust, integrity,
requirements of internal and industry confidentiality and discretion are
standards & regulations, and customer essential to auditing
requirements 2. Fair presentation: Audit findings,
2. To determine the effectiveness of the conclusions and reports reflect truthfully
implemented system in meeting specified and accurately the audit activities
objectives (quality, environmental, 3. Professional care: Auditors must
financial) exercise care in accordance with the
3. To explore opportunities for importance of the task they perform;
improvement 4. Independence: Auditors must be
4. To meet statutory and regulatory independent of the activity being audited
requirements and be objective
5. To provide feedback to Top 5. Evidence-based approach: Evidence
Management must be verifiable and be based on
samples of the information available.
The auditor should avoid:
Selection of Auditors
1. Finding guilty parties or specifying
that a particular person made a
mistake; Competence level may be measured by
2. Seeing problems universally; training, participation in previous audits and
3. Producing an evasive report; experience in conducting audits. Auditors
4. Applying unnecessary technical may be external or internal personnel;
terms; however, they should be in a position to be
5. Lauding their own work. The report impartial and objective.
should have a natural and
straightforward tone. When internal personnel are selected to
perform an audit, a mechanism needs to be
Principles of Internal Auditing established to ensure objectivity, for
Auditing relies on a number of principles instance, a representative from another
whose intent is to make the audit become an department may be selected to do the audit.
effective and reliable tool that supports your
Audits are demanding and require various
forms of expertise. The size of the audit simply good audit practice. Putting these
team will vary pending the size of the sections into a worksheet format gives
organization, size and type of operations and auditors a guide to follow, to ensure the
the scope of the audit. relevant links are audited.

The Human Aspect of Auditing

Preparing for the Audit
Good auditors realize very early on that they
Before the audit, prepare thoroughly! are dealing with personalities as much as
Spending time in preparation will make you processes, systems, and papers. Whilst the
much more effective during the audit - you intent of the audit is a serious one, often
will become a better auditor. Auditors light humor, politeness and diplomacy are
should not skip this step as it provides much the best ways to build rapport. It is vital to
needed value to the audit. Taking the time to note that every effort is made to reassure
prepare and organize actually saves time those being audited that the audit’s primary
during the audit. function is to drive improvement, not to
name and shame.
You should have an up-to-date audit
schedule and a well-defined audit plan for If you are new to auditing, acknowledge this
each process. Be sure to communicate the fact, be open and honest. It is also important
audit schedule to all parties involved as well to explain to the auditees that they are free
as to Top Management as this will help to express their views during the audit.
reinforce your mandate. Remember that you, the auditor, are also
there to learn.
Gather together all the relevant documented
information that relates to the process you Always discuss the issues you have
will be auditing. Look at process metrics, identified with the auditees and always
work instructions, turtle diagrams, process provide guidance on what is expected in
maps and flowcharts, etc. If applicable, terms rectifying any non-conformances or
collect and review any control plans and closing out observations you raised. Let the
failure mode effects analysis work sheets auditees know they are welcome to read
too. Review these thoroughly and highlight your notes and findings; the audit is not a
the aspects that you plan to audit. Using the secret – except the SPOT AUDIT.
documented information ensures they
become audit records.
Try not to be drawn into arguments
concerning your observations. It is never
Your organization’s documented appropriate to directly name people in the
information may not cover all of the audit report as this may lead to
requirements that may be relevant to the defensiveness which is ultimately counter-
process. If certain information is not productive.
available, it may become your first audit
finding, not bad for the pre-audit review!
Types of Internal Audit
Internal audits are commonly referred to as
Certain information and linkages should be ‘first-party audits’ and are conducted by an
audited. Some are required and some are organization to determine compliance to a
set of requirements which might arise from An internal audit checklist will help you to
standards like ISO 9001:2015, as well as determine the extent to which your
customer or regulatory requirements. organization’s quality management system
conforms to the requirements by
There are common methods of internal determining whether those requirements
auditing that may be used to determine have been effectively implemented and
compliance: maintained. The templates will help you to
1. System Audits assess the status of your existing
2. Process Audits management system and identify process
3. Product Audits weakness to allow a targeted approach to
prioritizing corrective action to drive
improvement.
System Audits
The internal audit checklist is just one of the
The system audits are best undertaken using many tools which are available from the
the internal audit checklist. This type of auditor’s toolbox that helps to ensure each
audit focuses on the organization’s quality internal audit addresses the necessary
management system as a whole, and requirements. It stands as a reference point
compares the planning activities and broad before, during and after the audit process
system requirements to ensure that each and if developed for a specific audit and
clause or requirement has been used correctly will provide the following
implemented. benefits:

Process Audits 1. Checklists can be used as a reference

for planning future audits
2. Checklists can be provided to the
The process audit is an in-depth analysis auditee prior to the audit
which verifies that the processes comprising 3. Checklists can provide a means of
the management system are performing and communication
producing in accordance with desired 4. A completed checklist provides
outcomes. The process audit also identifies evidence the audit was performed
any opportunities for improvement and 5. Ensures the audit is conducted
possible corrective actions. Process audits systematically and consistently
are used to concentrate on any special, 6. Ensures a consistent audit approach
vulnerable, new or high-risk processes. 7. Actively supports the organization’s
audit process
Product Audits 8. Provides a repository for notes
collected during the audit process
The product audit may be a series of audits, 9. Ensures uniformity in the
at appropriate stages of design, production performance of different auditors
and delivery to verify conformity to any 10. Provides reference to objective
specified product requirements, such as evidence
dimensions, functionality, packaging and 11. Audit checklists provide assistance
labelling, at a defined frequency. to the audit process
The internal audit checklist comprises tables
of the certifiable (‘shall’) requirements, from
Use an Internal Audit Checklist
Section 4.0 to Section 10.0 of ISO activities and processes with what the
9001:2015, each requirement is phrased as a standard requires. At the end of this activity
question. you will have a list of activities and
processes that comply and ones that do not
A Gap Analysis comply. The latter list now becomes the
The gap analysis will likely be your first target of your implementation plan.
ISO 9001:2015 audit. The gap analysis
checklist highlights the new requirements Preparing the Audit Report
contained in ISO 9001:2015 but it not A good summary report is the output which
intended to cover all of the requirements is the value of the audit. It deserves an
from ISO 9001:2015 comprehensively. appropriate amount of attention and effort.
As you moved through the audit, you should
The unique knowledge obtained about the have noted the issues and observations you
status of your existing quality management saw. These should have been marked clearly
system will be a key driver of the so you are now able to quickly review and
subsequent implementation approach. capture them as you write the report.
Armed with this knowledge, it allows you to
establish accurate budgets, timelines and These findings and conclusions should be
expectations which are proportional to the formally documented as part of the summary
state of your current management system report. Too often, the audit report only
when directly compared to the requirements recites back facts and data the managers
of the standards. already know. The value is in identifying
issues and opportunities they do not know!
Your organization may already have in place This summary should be reviewed first with
an ISO 9001:2008 compliant quality the lead auditor, then the Process Owner and
management system or you might be Management Team. Make final revisions
running an uncertified system. If this is the and file the audit report and all supporting
case, you will want to determine how audit materials and notes.
closely your system conforms to the
requirements ISO 9001:2015. Gather the whole audit package together, in
an organized manner. The rest of the work
The results of a gap analysis exercise will instructions, flowcharts, notes and relevant
help to determine the differences, or gaps, papers should be gathered into the audit
between your existing management system package as supporting records. All findings
and the new requirements. Not only will the should also be documented on your
analysis template help you to identify the corrective action forms. The audit summary
gaps, it will also allow you to recommend and the corrective action forms should be
how those gaps should be filled. attached to the audit package, which now
becomes the audit record. Only the summary
The gap analysis output also provides a report and corrective actions need be given
valuable baseline for the implementation to the process owner.
process as a whole and for measuring
progress. Try to understand each business
process in the context of each of the
requirements by comparing different
Elementary Audit Questions 20. How are quality objectives
determined?
These basic audit questions will help guide 21. Is there a clear link between the
the audit in the right direction since the policies and objectives?
answers they provide often unlock the doors 22. How is progress towards objectives
to information the auditor requires in order measured and communicated?
to accurately assess the particulars of a 23. Has the number of customer
process. complaints changed over time?
24. What tools are used to identify the
causes of complaints?
Consider these common audit questions:
25. How are improvement efforts and
1. What are your responsibilities?
successes communicated to employees?
2. How do you know how to carry them
Getting the Most from the Audit Schedule
out?
The audit schedule is divided up to reflect
3. What kind of training is given to new
each section of ISO 9001 You should
employees?
determine which of these sections are of
4. How is the effectiveness of training
greatest relevance to your business; in other
evaluated?
words, which processes, should there be
5. Are training records maintained?
problems, will affect your customers the
6. What are the objectives of your
most. These are the processes that your
processes?
company must make certain remain stable
7. What is the quality policy and where
and consistent. You might wish to schedule
is it found?
these key processes for additional audits,
8. Which documents do you use and are
perhaps two or even three times per year.
they correct?
9. What outputs does your process
create? The audit schedule provides the following
10. How are your records maintained? benefits:
11. How do you ensure that products 1. Provides a visual plan of the audit
meet the stated requirements? programme
12. Is customer satisfaction data 2. Demonstrates coverage of the whole
analyzed? standard
13. How do you ensure that products 3. Provide current status of the audit
meet the stated requirements? programme
14. What happens when changes are 4. Promotes awareness
made to product requirements?
15. What are the Other types of Audit
responsibilities/authorities for dealing  Certification Audit
with non-conformances  Surveillance Audit
16. Are there trends in non-conforming Is a Certified Auditor "required" to do an
products and what's being done about it? internal audit or can the company do the
17. Is the non-conformance procedure internal audit themselves?
linked to the corrective action process?
18. Are employees made aware of the You do not need a 'Certified Auditor' to
quality policy and objectives? undertake internal quality audits of your
19. Are policies and objectives available management system and its processes.
and relevant?
Internal Auditors can be people from within
your organization who possesses the
necessary competence and impartiality to
undertake internal audits in order to ensure
effective operation of your organization's
processes. The Internal Auditors often report
to the Quality Manager.

INTERNAL AUDITOR – QUESTIONNAIRE

1. To you, what is Internal Auditing?

2.