ISO 9001 Internal Auditing

For something that is, in theory, relatively straightforward, the subject of what makes a good internal quality audit can certainly get some people all hot under the collar.

ISO 9001 requires organisations to “implement & maintain” an internal audit program, and so, like it or not, organisations that need ISO 9001 registrations need to be able to demonstrate something that meets the definition.

The requirements are actually quite clear. Boiled down to its elements, clause 8.2.2 requires that internal audits demonstrate the following attributes:

  • A plan or schedule for carrying them out that is up-to-date
  • Specific scope and criteria for each audit
  • A rationale behind the frequency of audits that is based on things like criticality, recent changes and level of problems
  • Competent and independent internal auditors
  • Documented and sufficiently descriptive findings
  • A discipline of dealing with non-conformities in a timely way
  • A periodic review of findings at top management level

But often many of these things are ignored. For what reason I would not like to speculate. For example, a recent training client of mine had been allowed a three-year period of grace from their certification body (a large BRITISH CB – there’s a clue) before they received a minor non-conformity for not conducting audits. Seriously, they hadn’t done any for THREE YEARS.

That’s an extreme case, but more often we see things like:

  • the rationale behind the frequency is not questioned
  • the quality of the reports is poor and lacking in detail
  • corrective actions are superficial and fail to deal with “root cause” and
  • good practice is not reported

There are also a couple of myths that need exploding. For example, that all procedures must be audited at least once per year (which they don’t) and that non-conformities must be graded “major” and “minor” or by some equivalent (which again they do not).

The thing that continually baffles me, however, is that it usually takes about the same level of time and effort to do them well as it does to do them badly. It certainly is a strange one. Do them well and at the right time and there’s some really useful management information to be generated.


Doru and Dragos in auditing mode a couple of years back
