Implementing Effective Internal Audits: A Guide to ISO 9001:2015 Clause 9.2
Introduction
Internal audits are an important part of making sure a company’s quality management system works well and meets ISO 9001:2015 standards. This blog explains how to plan and carry out internal audits effectively to check if the company is following its quality promises and improving wherever needed. Maxicert, a leader in ISO certification services, helps organizations understand and apply these audits to boost quality and success. With the right audit process, companies can find areas to improve and keep delivering great products and services.
9.2 Internal Audit
Internal audits are your secret weapon for quality. This guide to ISO 9001:2015 Clause 9.2 explains how to plan and conduct effective audits to verify your quality management system is working as intended. Learn to check if you’re doing what you said you would do, and use the results to drive real improvement in your organization.
9.2.1 Purpose of Internal Audits
The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
- Conforms to:
  - The organization’s own requirements for its quality management system;
  - The requirements of this International Standard.
- Is effectively implemented and maintained.
9.2.2 Planning and Conducting Internal Audits
The organization shall:
- Plan, establish, implement and maintain an audit programme(s) including frequency, methods, responsibilities, planning requirements, and reporting. This programme shall consider the importance of the processes, changes affecting the organization, and results from previous audits.
- Define the audit criteria and scope for each audit.
- Select auditors and conduct audits to ensure objectivity and impartiality.
- Ensure the results of audits are reported to relevant management.
- Take appropriate correction and corrective actions without undue delay.
- Retain documented information as evidence of audit programme implementation and results.
Note: See ISO 19011 for guidance.
How Should You Conduct the Audit?
Frequency of Internal Audits
Audits should cover all quality-related activities you undertake and align with the standard’s requirements. When managing the audit programme and deciding audit frequency, consider factors such as:
- Are there complex procedures or processes justifying separate audits?
- How mature is your quality management system?
- Are there areas with a history of problems?
- Does your hands-on approach suggest less frequent audits?
Typically, all aspects of the quality management system are audited at least once within a 12-month cycle, though some processes may require more frequent audits.
Reporting Internal Audit Results
A report or summary for each audit should list all findings and any required actions. This record need not be complex. If previous audits required action, the current audit should check the effectiveness of these changes and record the findings.
Using Internal Audit Results
Information from internal audits should be a key input to management review. When nonconformities or inconsistencies are found, corrective actions should be developed and implemented within an established timeframe to prevent ongoing problems.
Audits can also reveal conditions that may not be nonconforming but carry risk. Such observations can be noted in audit reports so management may decide if preventive actions are necessary to avoid serious problems or losses.
Who Should Conduct Your Internal Audits?
Auditors should, as much as possible, be independent of the work or processes being audited. In small organizations with limited personnel, this may not be feasible. In such cases:
- Managers acting as auditors must maintain objectivity and distance from direct operations.
- Organizations with two people may audit each other’s work or perform audits jointly.
- Cooperation with another small organization for cross-audits can be beneficial.
- External auditors from chambers of commerce, quality consultancies, or inspection bodies can be engaged if competent.
Example: A Small Company with 12 Employees
In this company, the owner (top management) and the QA manager (with dual roles as management and internal auditor) share quality responsibilities.
Guidance on establishing an internal audit programme, conducting audits, and evaluating auditor competence is provided in ISO 19011. This guidance should be adapted to the organization’s size, management model, and criticality of products and services.
Conclusion
Internal audits are the cornerstone of a truly effective quality management system. Rather than being a mere formality, they provide a crucial, objective look into your organization’s processes. By systematically planning and conducting audits, you not only verify that you are meeting your own requirements and the ISO 9001 standard but also uncover valuable insights for continuous improvement. The data and findings from your audit program are vital for management review, ensuring that your quality system remains a dynamic and powerful tool for achieving organizational goals and maintaining excellence. With Maxicert’s expert support in ISO certification and auditing practices, organizations can transform internal audits into a strategic advantage—strengthening compliance, driving performance, and fostering a culture of continual improvement.
FAQ
What is the main purpose of internal audits in ISO 9001?
Internal audits help check if your quality management system is working as planned and meets both your company’s and ISO 9001 requirements. They reveal areas where improvements are needed.
How often should internal audits be conducted?
The frequency depends on your processes’ importance and past audit results. Typically, every part of your quality system should be audited at least once a year, but some areas may need more frequent checks.
Who should perform internal audits?
Auditors should be impartial and independent of the areas they audit. In small companies, it’s okay if this is not always possible, but auditors must be objective and maintain a clear distance from their daily tasks.
What happens after an internal audit finds issues?
The organization must take corrective actions quickly to fix problems. Follow-up audits check if these fixes worked, helping your quality system get better continuously.


