Getting the most out of Internal Audits

Klavs Henriksen, Lead Auditor at Alcumus ISOQAR, shares his tips on how to conduct effective internal audits of ISO management systems.

13th Sep 2018

Internal audits are a way of regularly checking whether or not your own organisation conforms to the requirements that you have implemented: both the requirements that you have implemented for yourself and the requirements you have implemented to meet the standard.

You must therefore assess your organisation to determine if your processes and procedures are well implemented and managers and staff understand and are following the requirements.

Internal audits are an effective way of establishing if there is a gap between what you are doing in practice in the organisation and what is believed to be happening!

 

Audit criteria

In every audit it’s important to keep an eye on the ‘audit criteria’.

Audit criteria can be a specific process, the ISO standard (or a section of it), a project, a customer contract, a supplier or anything else where it’s important to evaluate the difference between the documented requirements and the facts on the ground.

 

So, what is an audit?

The official definition is: “A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.”

The auditors must, in other words:
 

  • Ensure a systematic approach to the audit process

  • Be independent of the area that is audited and not be unduly biased

  • Document the audit process by producing an audit report or similar that documents the results of the audit

  • Provide evidence to show that the audit process and the conclusions were made on a sound basis

  • Use the evidence to document consistency between practice and the audit criteria

 

6 Essential Concepts You Must Keep in Mind as an Auditor...

Integrity - The basis for professionalism. You must do the work honestly, with care and accountability, demonstrate competence and impartiality, act justly, and be free of prejudice. Be aware of any influence that may be exercised on your discretion as an auditor during auditing.

Honesty - Auditors are obliged to report truthfully and accurately. Audit results, conclusions and reports should reflect the audit activities truthfully. Significant obstacles and undeclared divergent opinions should be reported - especially to the supervisor. Communication should be truthful, accurate, objective, timely, clear, and complete.

Due diligence - Auditors must show thoroughness and reasoned judgment in performing an audit.

Confidentiality - Auditors must ensure information security. Auditors should exercise discretion in the use and protection of the information they become aware of during the audit as well as to ensure proper handling of this information.

Independence - Auditors must be independent and ensure that the basis of impartiality is present so that they can make objective audit conclusions. Auditors should - wherever practicable - be independent of the activity audited so that they can act in a way that is free of prejudices and conflicts of interest. Internal auditors should be independent of the operators for the function being audited.

Fact based - Auditors must ensure that a rational approach is used to achieve reliable and reproducible audit conclusions in a systematic audit process. ‘Reproducible’ means that the testimony must be so strong that there cannot be any doubt about the auditor’s observations. Testimony should be clear, and it must be possible to "recreate" it.

 

Preparing for an audit

When preparing an internal audit, consider the following:

 

  • What does my audit plan show?

  • Which departments and processes should I audit?

  • Do I have the appropriate skills to audit this area or should I seek assistance from a specialist in the area I am going to audit? (Recognise that you are not world champion in all processes and departments!)

  • How can you best prepare yourself? For example: What procedures or parts of the system should you read? What forms and databases are you going to review before auditing?

  • Make checklists with the questions you would like to answer.

  • Develop a program for auditing. Make sure you have enough time to do the audit.

  • Consult the parties involved so that they are ready and prepared for you.

 

Training and competency

ISO 9001 requires that your auditors are competent to perform internal audits. It’s not something that you can enter into blind or make up as you go along.

There are numerous IRCA certified training courses available to equip you with the skills required. Not only does formal training improve the effectiveness of the audits, it’s a great addition to your personal skill set.

 

Finally…

Auditing is a serious business. I should know - I do it for a living! The way you conduct yourself is key to getting the most out of the audit. Whilst it is a semi-formal process, you aren’t there to intimidate or humiliate your colleagues. ISO 9001 is, after all, a system for continuous improvement. So, embark on it with a positive frame of mind, put your colleagues at ease and treat it as a learning experience for everyone involved.