AuditsReady LogoAuditsReady
ISO 9001 Complianceβ€’13 min read

ISO 9001 Internal Audit Guide: How to Conduct Effective Audits (2025)

Your ISO 9001 certification audit is in 8 weeks. The certification auditor asks: "Can I see your most recent internal audit report?"You freeze. You haven't done one. You just failed. Internal audits are MANDATORY for ISO 9001β€”there's no waiver, no exemption for small companies, no "we'll do it later." Here's exactly how to conduct one that passes muster.

Critical Facts About Internal Audits

⚠️ MANDATORY

No internal audit = automatic certification failure. Zero exceptions.

πŸ“… Frequency

At least once per year minimum. Can be more frequent.

βœ“ Scope

Must cover ALL clauses (4-10) and ALL departments.

πŸ‘€ Who Can Audit

Anyone trained, but they can't audit their own work.

What Is an Internal Audit? (And What It's NOT)

An internal audit is when YOUR company audits YOUR OWN quality management system to find gaps before the external certification auditor does.

βœ… What It IS:

  • β€’ Systematic check of your QMS
  • β€’ Looking for non-conformances
  • β€’ Verifying procedures are followed
  • β€’ Checking records are complete
  • β€’ Finding improvement opportunities

❌ What It's NOT:

  • β€’ Performance reviews of employees
  • β€’ Production efficiency audit
  • β€’ Safety inspection (that's separate)
  • β€’ Looking for who to blame
  • β€’ Box-checking exercise

Step-by-Step: How to Conduct an Internal Audit

1

Create Annual Audit Schedule

Requirement: ISO 9001 Clause 9.2 requires audits at "planned intervals." Create a schedule showing what will be audited when.

Example Schedule (Small Manufacturer):

QuarterAreas to AuditClauses
Q3 2025Production, Quality Control, Document Control4, 7, 8
Q4 2025Purchasing, Management Review, Corrective Action5, 8.4, 9, 10

πŸ’‘ Pro Tip: All clauses must be covered within 12 months. Can split into 2-4 audits or do everything at once.

2

Select & Train Internal Auditors

Who can be an auditor? Anyone in your companyβ€”IF they're trained and don't audit their own work.

Auditor Requirements:

  • βœ“ Completed internal auditor training (16-24 hour course, online or in-person)
  • βœ“ Understands ISO 9001 requirements
  • βœ“ Can remain objective (not auditing own department)
  • βœ“ Good communication skills

Small company hack: Quality Manager audits production, Production Manager audits purchasing, etc. Cross-audit to maintain independence.

3

Create Audit Checklist

Don't wing it. Prepare a checklist of what you'll verify in each area.

Sample Checklist Items (Production):

  • Are work instructions available at workstations? (Clause 7.5)
  • Are employees following documented procedures? (Clause 8.5)
  • Is product identification visible (job numbers, lot codes)? (Clause 8.5.2)
  • Are inspection records complete and signed? (Clause 8.6)
  • How are nonconforming products handled? (Clause 8.7)
4

Conduct the Audit

Schedule 1-3 days depending on company size. Walk the floor, interview employees, review records.

Audit Techniques:

Observation:

Watch employees perform tasks. Do they follow documented procedures?

Interviews:

"Show me the procedure you use for this." "When were you last trained on this process?"

Document Review:

Check training records, calibration certificates, inspection logs, corrective action reports.

Sample Testing:

Pick random job numbers, trace back through records. Are all documents present?

5

Document Findings

Write a formal audit report. This is what certification auditors will ask to see.

Required Report Contents:

  • βœ“ Audit date and auditor name(s)
  • βœ“ Areas audited (departments, processes, clauses)
  • βœ“ Summary of findings (conformances and non-conformances)
  • βœ“ Specific non-conformances with clause references
  • βœ“ Opportunities for improvement
  • βœ“ Auditor signature and date
6

Close Corrective Actions

For every non-conformance found, create corrective action to fix the root cause.

Corrective Action Process:

  1. Assign owner for each finding
  2. Investigate root cause (why did it happen?)
  3. Implement correction (fix the immediate problem)
  4. Implement corrective action (prevent recurrence)
  5. Verify effectiveness (did the fix work?)
  6. Close out finding with evidence

⏱️ Typical closure time: 30-90 days depending on complexity

Top 10 Internal Audit Findings (What to Look For)

Based on thousands of internal audits, here are the most common non-conformances found in manufacturing:

1

Incomplete Training Records

Clause 7.2

Example: Employee operating CNC machine has no training record on file

2

Expired Calibration

Clause 7.1.5

Example: Micrometer last calibrated 18 months ago (procedure requires annual)

3

Procedures Not Followed

Clause 8.5

Example: Inspection procedure requires 3 measurements, operator only does 1

4

Missing Work Instructions

Clause 7.5

Example: Complex assembly has no documented work instruction at workstation

5

No Product Identification

Clause 8.5.2

Example: Parts in WIP with no job number or lot code visible

6

Corrective Actions Not Closed

Clause 10.2

Example: Customer complaint from 6 months ago still open, no root cause analysis

7

Outdated Documents in Use

Clause 7.5

Example: Operator using Rev B procedure, current version is Rev D

8

No Management Review

Clause 9.3

Example: Last management review meeting was 18 months ago (annual required)

9

Incomplete Inspection Records

Clause 8.6

Example: Final inspection form partially blank, no inspector signature

10

Supplier Not Approved

Clause 8.4

Example: Purchasing from supplier not on approved supplier list

Internal Audit Best Practices

βœ“ Schedule Audits 6-8 Weeks BEFORE Certification Audit

Why it works: Gives you time to fix findings before external auditor arrives. Don't wait until last minute.

βœ“ Focus on Evidence, Not Blame

Why it works: Audit is about finding system gaps, not punishing employees. Keep it objective and improvement-focused.

βœ“ Use Sampling

Why it works: Can't check every record. Sample 5-10% of transactions, jobs, training records, etc. Pick randomly.

βœ“ Ask Open-Ended Questions

Why it works: Instead of 'Do you follow the procedure?' ask 'Show me how you do this.' You'll learn more.

βœ“ Follow the Process Flow

Why it works: Trace a job from order entry β†’ production β†’ inspection β†’ shipping. Checks multiple clauses at once.

βœ“ Look for Patterns

Why it works: One missing training record = minor issue. Ten missing training records = systemic problem.

AI-Powered Internal Audit Prep (Know What You'll Find)

Before you conduct your internal audit, let our AI scan your QMS and predict the top 10 findings you're likely to discover. Fix them before the audit even starts.

πŸ” Pre-Audit AI ScanπŸ“₯ Download Internal Audit Checklist

Predicts top 10 findings β€’ Fix issues before internal audit β€’ P.Eng validated β€’ Free scan

Related Resources:

Certification Audit Preparation

8-week preparation timeline and complete checklist for external audits.

Read Guide β†’

All 10 ISO 9001 Clauses Explained

Complete guide to every ISO 9001 requirement with real examples.

Read Article β†’
Back to BlogHome