Management System Internal Audits

Checking that the system works is a vital part of the management systems. An organization must perform internal audits to check how its quality, environmental, health and/or safety management system is working. An organization may decide to invite an independent certification body to verify that it is in conformity to the standard, but there is no requirement for this. Alternatively, it might invite its clients to audit the quality system for themselves. Read more about certification to management system standards.

The purpose of conducting internal audit is to find out the answers to following questions:

• Is management system of the organization conformed to the planning of management systems carried out in the organization?
• Is the management system of the organization conformed to the requirements of Management System Standards?
• Is the management system of the organization conformed to the management system requirements established by the organization?
• Is the management system of the organization effectively implemented and maintained?

An internal audit is a tool to monitor and determine the health of the management system of the organization. For an organization, a properly conducted audit is beneficial and we need to conduct value added internal audit that is useful to the organization, auditee department, management representative and top management.

Clause 8.2.2 of ISO 9001:2008 QMS Standard and 4.5.5 of ISO 14001 EMS Standard, RC 14001 Responsible Care Standard and OHSAS 18001 OHS Standard deals with internal audit requirements. As per requirements of the standards, an organization needs to conduct internal audit at planned intervals. An audit process should include the following aspects:

• Planning of internal audit – such as planning of audit schedule, assignment of auditors, auditee area, and scope of audit, status and importance of processes, results of previous audits.
• Examining and reviewing the management system documentation of the organization,
• Examining and reviewing other relevant information of the organization, such as production, environmental, health and safety reports, failure, accident and incident trends, customer and community feedback,  etc.
• Examining and reviewing the management system procedures, SOP's and processes by visiting the audit area spot, interviewing relevant personnel and looking to relevant processes.
• Reporting the internal audit results (including corrective action requests from auditors).
• Verifying corrective actions taken.

What should be done after getting results of internal audit?

The organization gets information about the areas which need correction and/or improvement from the results of internal audit. The information from internal audit results becomes input for the management review.

Who should perform internal audits?

Internal auditors should perform internal audits. Management System Standard; ISO 9001:2008 QMS Standard and 14001 EMS Standard, RC 14001 Responsible Care Standard and OHSAS 18001 OHS Standard has two relevant important requirements:

• Selection of auditors must ensure objectivity and impartiality of the audit process
• An auditor must not audit his/her own work.

Clause 6.2.1 of ISO 9001:2008 QMS Standard 4.4.2 of ISO 14001 EMS Standard, RC 14001 Responsible Care Standard and OHSAS 18001 OHS Standard  mentions the requirement of competent personnel performing work affecting conformity to product requirements on the basis of appropriate education, training, skills and experience. Accordingly, the personnel conducting internal audit must be competent to audit for which the organization should refer to the relevant guidelines as mentioned in ISO 19011 Standard and take appropriate steps to provide appropriate training to personnel selected as auditors for internal audit.