An internal audit is a systematic, independent process to verify that a management system meets the requirements of the applicable ISO standard.
Internal audit (Annex SL clause 9.2) is a mandatory requirement of all ISO management system standards. It consists of objectively evaluating whether the management system is effectively implemented and maintained, generating evidence of findings and improvement opportunities.
The internal auditor cannot audit their own work. They must be independent from the process being evaluated.
The organization must plan a program covering all in-scope processes with frequency based on risks and previous results.
Audit findings must be supported by verifiable evidence: records, interviews, direct observations.
Internal audit is performed by the organization itself (or a hired external consultant). Certification audit is executed by an independent accredited body with authority to issue the certificate.
The standard does not define a fixed frequency. It must be planned considering process importance, recent changes and previous audit results. At least once per year is common practice.
ISO 19011 defines competencies: knowledge of the applicable standard, audit techniques, risk-based thinking and communication skills. Training in the specific standard is essential.
Assessment within 72 business hours. ISO methodology. No ties to certification bodies.
Request diagnosis