16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

Other standards powered by (0) 1-888-553-2256

IMPLEMENT LEARN FREE RESOURCES ABOUT

(0)

ISO 9001 Knowledge base

Knowledge base / Certification / Audit

13 Steps for ISO 9001 Internal Auditing using ISO

19011
Mark Hammar

   

How can you make internal audits more effective? By using the 13-step method of audit
activities outlined in ISO 19011, you can use the same trusted framework that is employed
by the certification bodies. The standard also outlines audit principles, auditor competence
and setting up an audit program, but in this article I will focus only on the 13 audit activities
to follow.

The main 13 steps of an internal audit

The audit activities of ISO 19011 detail the management of the activities for the audits
themselves. This formalized approach can help to ensure your internal audits are effective
and consistent, and builds the integrity of the internal audit system. These steps are not
mandatory (e.g., smaller companies might skip some of them), but they are a best practice
Hi there! Would you like me to
for conducting an audit. Below is a flowchart of the process of conducting an individual
show you ISO 9001 documents?
audit: :)

https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 1/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

1) Initiate the Audit: To start, the auditor must initiate the audit by contacting the process
owner to be audited and ensuring the audit will be feasible. It is just a good idea to make
sure someone is available to present evidence when you want to audit, rather than try to
surprise them.

2) Review the Documents: You then need to review the documents for the process. This
will help you to know how big of an audit it will be, whether it might take a whole day or
only an hour. This knowledge is critical for the next step.

3) Develop Audit Plan: The purpose of the document review is to develop your audit plan
of what will be audited, who will do the auditing, when it will happen and who will be
audited. Here you decide how the audit will be split up if more than one auditor will be
used, and how much time will be dedicated to each process in the audit.

ISO 9001:2015 INTERNAL AUDITOR COURSE

Free online course to learn how to perform an internal audit in your company

ENROLL FOR FREE

Hi there! Would you like me to

4) Assign Work to Auditors per Plan: Larger audits may assign work amongst several
show you ISO 9001 documents?
auditors, with each taking more than one process to audit. In this
:) way you can shorten the
amount of time that an audit disrupts the processes, such as having three auditors working
for one day rather than one auditor working for three days.

5) Prepare Working Papers: The assigned auditor then prepares the audit working papers
that will identify what the auditor wants to verify, what questions to ask, and what they
https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 2/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

expect as evidence. This will be drawn from the QMS documentation and the ISO 9001
standard.

6) Determine the Audit Sequence: The next step is to determine the sequence of audit
from the opening meeting through presenting audit findings. If done right, the sequence
of process audits can help to make the audit flow easier. Some examples are starting a
large audit with a review of internal audits and corrective actions, which will give you an
idea of what weaknesses have already been identified; or ending the audit with a review of
documentation records and training records, because the process audits will have
identified records to review, making this easier.

7) Conduct Opening Meeting: The audit begins with an opening meeting. This is to
reiterate to the auditees that this is not a surprise audit, and is there to verify conformance
rather than to find fault. Some fine tuning of the audit times can be done at the opening
meeting, as well as making sure that everyone understands the scope and extent of this
particular audit.

8) Review Documents and Communicate: After the meeting, any documents

immediately presented by the auditee should be reviewed to gather relevant information
that might not have been available before (an example would be a process improvement
that is being used on a trial basis, but is not yet in the documentation). A general rule is
that communication should be maintained throughout the audit (sometimes an audit
guide is used, especially with external auditors).

9) Carry out the Audit: This step is often thought of as the actual audit. The auditor asks
the questions, and collects the records and observations that will demonstrate if the
processes meet the QMS requirements. Again, it is important to remember that an auditor
is there to try to verify that a process conforms to the requirements set out, not to dig until
fault is found.

10) Generate Audit Findings: After the auditor finishes the verification, they must generate
the audit findings and prepare any audit conclusions to be presented. If all is found to be
conforming, then there will be no corrective actions presented; but if not, then the
corrective actions need to be properly prepared. It is equally important to highlight best
practices in a process as it is to identify any shortcomings. Some companies also use a
process of having internal audits identify opportunities for improvement (OFIs), which the
process owner can review and accept if they wish. Hi there! Would you like me to
show you ISO 9001 documents?
11) Present Findings and Conclusions: The findings and conclusions are then presented,
:)
normally at a closing meeting, in order for the process owners to understand and ask
questions as well as present clarification if something was misunderstood in the audit.

12) Formally Distribute Audit Report: The final findings are formally written and
distributed in an audit report. This gives everyone an easy reference on actions needed, as
https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 3/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

well as providing a record of the outcome of the audit.

13) Follow Up on Actions / Corrective Actions: Probably the most important part of an
audit is for the auditor to follow up on any actions, as a way of ensuring remedial action is
taken and completing the audit. Without follow up of corrections and corrective actions,
the same problems could be found continually during subsequent audits, which defeats
the purpose of the audit being done. For more information, see Seven Steps for Corrective
and Preventive Actions to support Continual Improvement.

Why it is a good idea to use ISO 19011 to plan your internal audit
process
In a QMS audit process it is important to make sure you do not miss anything important,
such as auditor knowledge and proper audit planning, so using a known method to set up
your process can help make implementation easy. ISO 19011 provides this method.

To learn how to perform ISO 9001 internal audit, see this free online training: ISO 9001
Internal Auditor Course.

ISO 9001:2015 INTERNAL AUDITOR COURSE

Free online course to learn how to perform an internal audit in your company

ENROLL FOR FREE

Hi there! Would you like me to

AUTHOR show you ISO 9001 documents?

:)
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence
through the American Society for Quality and has been a Quality Professional since

https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 4/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

1994. Mark has experience in auditing, improving processes, and writing

procedures for Quality, Environmental, and Occupational Health & Safety
Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and
ISO 14001.

 PREVIOUS POST

Checklist of ISO 9001 implementation & certification steps

NEXT POST 
Five Main Steps in ISO 9001 Internal Audit

UPCOMING FREE WEBINAR

Presenter
Carlos Pereira da Cruz

The Process Approach - What it is, why it is

important, and how to do it

 Thursday – February 24, 2022

REGISTER NOW

Hi there! Would you like me to

show you ISO 9001 documents?
:)

SUGGESTED READING

New approach to document and record control

in ISO 9001:2015
https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 5/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011
in ISO 9001:2015
Mark Hammar  June 30, 2015

There is a lot of talk going around about how documented information is...

READ MORE 

How to Write a Good Quality Policy

Mark Hammar  March 25, 2014

One of the first things to do when implementing a Quality Management

System...

READ MORE 

How to address risks and opportunities in ISO

9001
Mark Hammar  June 21, 2016

When using the ISO 9001:2015 requirements as a basis for your Quality

Management System...

READ MORE 

Please enter your email address to subscribe to our newsletter like 20,000+ others

You may unsubscribe at any time. For more information, please see our privacy notice.

jgallardot@cumbra.com.pe Hi there! Would you like me to

show you ISO 9001 documents?
:)
OUR CLIENTS
SUBSCRIBE

https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 6/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

Hi there! Would you like me to

show you ISO 9001 documents?
:)

https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 7/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

OUR PARTNERS

Advisera is Exemplar Global Certified TPECS Provider

for the IS, QM, EM, TL and AU Competency Units.

ITIL® is a registered trade mark of AXELOS Limited.

Used under licence of AXELOS Limited. All rights
reserved.

Hi there! Would you

DNV GL Business Assurance is one of the leading like me to
providers of accredited management systems
certification. show you ISO 9001 documents?
:)

https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 8/9
16/2/22, 8:13 ISO 9001 internal audit in 13 steps using ISO 19011

EXPLORE ADVISERA

EU GDPR Online
ISO 27001 and ISO 22301 ISO 9001 Online
ISO 14001 Online

Consultation Center Online

Consultation Center Consultation Center
Consultation Center

ISO 45001 Online

ISO 13485 Online
AS9100 Online
IATF 16949 Online

Consultation Center Consultation Center Consultation Center Consultation Center

ISO/IEC 17025 Online

ITIL and ISO 20000 Online
ISO Compliance & ISO online courses
Consultation Center Consultation Center Company Management

Leading books on

ISO standards

DOCUMENTATION LEARNING SUPPORT

CENTER ABOUT
Product Tour Free Consultation
ISO 9001 & ISO 14001 What is ISO 9001? Product list Community
ISO 9001 Tools About us
Tools for Consultants Free Downloads Contact us
Newsletter BLOG
Free Preview ISO 9001 Webinars
Download Knowledgebase Privacy and Terms
ISO 9001 Blog
2015 Transition FAQs
We are hiring Hi there! Would you like me to
Testimonials
show you ISO 9001 documents?
:)

Copyright © 2022 Advisera Expert Solutions Ltd

https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/?utm_campaign=free-webinar-Advise… 9/9