Understanding Internal Audits

An Internal Audit examines the operation of your management system. This provides top level management with the information needed to ascertain whether the system is operating effectively or if any changes need to be made.

For a list of the types of audit there are, see the section below, ‘Types of Audit’. For now though we’ll concentrate on Internal and External Audits.

An Internal Audit is performed within the organisation by auditors who are employed by the organisation, but who should have no vested interest in the audit results of the area being audited.

An External Audit can either be an audit carried out by an interested third party, such as the customer of a supplier, or be an audit carried out by an independent, third party, audit organisation (such as a Certification Body) that is free of any conflict of interest, for certification, registration, verification, etc.

So what is the purpose of the Internal Audit?
For Organisations with a formal Management System in place, such as ISO 9001, ISO 14001, or ISO 45001, this is a requirement of the Standard, which means it must be done. It is there to serve several purposes:

• Ensuring adherence to the company’s procedures – the auditor should look to ensure that the organisation is complies with its own procedures.
• Ensuring the effectiveness of the system – the auditor should look at all processes, reviewing the value of each process, and ensure that the procedures still meet the organisation’s objectives.
• Providing information for management reviews – the results of audits should be documented so that they can be reviewed and analysed, providing information for use in corrective action programmes and management reviews.
  
• Identifying opportunities for improvement – the auditor should, with the responsible person, examine documented evidence against the Management System that is relevant to the function or department being audited. This could include staff competency, qualifications or training. Problems should be discussed with the auditee and corrective/preventive actions should be recorded.
• Driving continual improvement – the auditor needs to follow up and verify that any corrective actions have been completed by the agreed date.
  

When should Internal Audits be carried out?
Organisations with a certified Management System should conduct internal audits at planned intervals throughout the year. This will enable you to regularly determine whether the system in question conforms to the requirements of the Standard, the processes and procedures detailed within your Management System, and is effectively implemented and maintained.

​Types of Audit
Audits take many forms, first, second and third party, accredited & non-accredited.

First Party Audits
An internal audit of your systems, sometimes carried out as an impartial check of your operations, or maybe as an internal audit prior to your accredited certification audit. Perhaps your company doesn’t have an in-house internal auditor, or requires an independent systems check for compliance verification.

Second Party Audits
Usually carried out on your suppliers or prospective suppliers and may be paid for by them to assure you that their systems are in place to satisfy your company’s needs. Everything may be OK while things are running smoothly, but can they cope if something goes wrong, can they trace back to how and why? Can they recall affected products? If not it may be your company that suffers.

Third Party Audits
An accredited certification audit by an accredited body, e.g. a Certification Body (which may be, for example, audited itself by UKAS).

​The Ideas Distillery offers a comprehensive, objective auditing services which can be undertaken to verify compliance against International Standards (ISO), legal requirements or internal procedures. This service will ensure impartiality of the audit process therefore maintaining impartiality. Click here to find out more.