Internal audits are a fundamental part of ISO certification and a great way to identify opportunities for improvement. However, it’s important to take a step back and ask yourself, and your organisation: ‘What are the requirements?’
What do the ISO standards require? What you are required to do as an internal auditor vary. But first, how do you conduct them? The key is to take a holistic approach to your business improvement strategies to get staff ‘buy-in’, improving the exponential engagement and involvement. By ensuring you conduct your internal audits this way you can ensure you get the most out of the audit process and create the best internal controls.
What the standards require:
The ISO standards for Quality Management Systems (ISO 9001:2015), Environmental Management Systems (ISO 14001:2015), Safety Management Systems (AS/NZS 4801:2001, OHSAS 18001:2007, ISO 45001) and Information Security Management Systems (ISO 27001:2013) all require internal audits to be planned and conducted. This means the audits have to be carried out at pre-determined intervals, and not “as required”. The more often internal audits are carried out, the more effective they should be and the easier they should be.
They also require internal auditors to be trained, and this training can be defined by your management system. One great method is the Best Practice Internal Auditor Training course, where we go through the ins and outs of internal audits and remaining unbiased.
The steps you are required to take:
As an internal auditor, you should ensure your processes say what you are really doing. Is your system compliant?
The next step is to determine whether this process is being carried out all of the time, in every scenario. If not, what are the instances the process has not been followed?
Now your process is being followed all of the time, determine if the process is efficient or whether it could be done in a better way. Efficiency is about achieving maximum productivity for the least possible cost.
Lastly, you need to remain unbiased in your observations of the processes and how they are being conducted. Your recommendations should be delivered with a positive spin – imagine a team session where the team work together to look for improvements, then develop a plan to work on the most important ideas identified.
For assistance with identifying areas of improvement, you can complete a self-evaluated Gap Analysis Checklist to highlight gaps within your Management System.