Internal Audit
Your organization's own systematic check that the management system conforms to requirements and is effectively implemented — mandatory in every ISO management standard, and the certification auditor's first stop.
The requirements
Clause 9.2 in every 2015-generation standard: audit at planned intervals under an audit programme that considers importance and past results; define criteria and scope per audit; select auditors who are objective and impartial (you can't audit your own work — a real constraint in small firms, solved by cross-training or an external contractor); report results to relevant management; act on findings without undue delay; retain records.
ISO 19011 is the free-standing guideline for how to actually do it — auditor competence, programme management, methods. Our 19011 guide covers it clause by clause.
Internal audit vs certification audit
Same techniques, different purpose: the internal audit exists to find problems before they matter — it should be tougher and more granular than the external one, because its findings are free. An internal audit programme that never finds anything is either auditing a perfect company or performing a ritual; certification auditors know which is more likely, and treat empty internal audit results as a red flag in itself.
Go deeper, free.
Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.
Browse the guidesCertify with USQC