ReadSafety.com
Home/Glossary/Internal Audit
Glossary · Performance Evaluation

Internal Audit

Definition

Your organization's own systematic check that the management system conforms to requirements and is effectively implemented — mandatory in every ISO management standard, and the certification auditor's first stop.

The requirements

Clause 9.2 in every 2015-generation standard: audit at planned intervals under an audit programme that considers importance and past results; define criteria and scope per audit; select auditors who are objective and impartial (you can't audit your own work — a real constraint in small firms, solved by cross-training or an external contractor); report results to relevant management; act on findings without undue delay; retain records.

ISO 19011 is the free-standing guideline for how to actually do it — auditor competence, programme management, methods. Our 19011 guide covers it clause by clause.

Internal audit vs certification audit

Same techniques, different purpose: the internal audit exists to find problems before they matter — it should be tougher and more granular than the external one, because its findings are free. An internal audit programme that never finds anything is either auditing a perfect company or performing a ritual; certification auditors know which is more likely, and treat empty internal audit results as a red flag in itself.

Go deeper, free.

Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.

Browse the guidesCertify with USQC