Why Internal Audits Matter
Internal audits are one of the most powerful tools in a quality management system — yet many organizations treat them as a bureaucratic checkbox. Done well, an internal audit reveals real process gaps, prevents nonconformities before external auditors find them, and creates a feedback loop for continual improvement. Done poorly, they waste time and provide false assurance.
This guide walks through every phase of an internal audit, from planning to closure, with practical advice for making your audits genuinely useful.
Phase 1: Audit Planning
Effective audits begin long before anyone walks onto the shop floor or into a meeting room.
- Define scope and objectives: What processes, departments, or clauses are being audited? What questions are you trying to answer?
- Establish audit criteria: Typically the relevant ISO standard clauses, your organization's procedures, and applicable regulatory requirements.
- Select and brief the audit team: Auditors must be objective and independent — they should not audit their own work. Ensure they are trained and competent.
- Create an audit schedule: Notify auditees in advance. Avoid scheduling during known high-pressure periods.
- Prepare an audit plan and checklist: Develop open-ended questions for each process or clause. A checklist keeps you focused but shouldn't limit your inquiry.
Phase 2: Opening Meeting
The opening meeting sets the tone. Keep it brief but cover the essentials:
- Introduce the audit team and their roles
- Confirm the scope, objectives, and schedule
- Explain the process for raising findings and nonconformities
- Invite questions from auditees
Emphasize that the audit is a collaborative process aimed at improvement, not fault-finding. This reduces defensiveness and encourages openness.
Phase 3: Evidence Gathering
The core of the audit involves collecting objective evidence through three primary methods:
- Interviews: Speak with process owners and operators. Ask open-ended questions: "Can you show me how this process works?" or "What happens when a nonconformity is found?"
- Document and Record Review: Examine procedures, work instructions, forms, calibration records, training logs, corrective action reports, and management review minutes.
- Observation: Watch processes being carried out. Do actual practices match documented procedures?
Record all evidence — what you were shown, who you spoke with, what documents you reviewed. This forms the audit trail.
Internal Audit Checklist: Key Areas to Cover
| Area | Key Questions |
|---|---|
| Context & Planning | Is the QMS scope defined? Are risks and opportunities identified and addressed? |
| Leadership | Is the quality policy communicated and understood? Are roles and responsibilities clear? |
| Competence & Training | Are training records maintained? Are employees competent for their roles? |
| Operational Controls | Are work instructions available and followed? Are incoming goods inspected? |
| Monitoring & Measurement | Are KPIs tracked? Are measuring instruments calibrated? |
| Nonconformity Management | Are nonconformities recorded? Are corrective actions effective and closed out? |
| Customer Feedback | Is customer feedback collected and acted upon? |
Phase 4: Reporting Findings
Findings fall into several categories:
- Nonconformity (Major): A systematic failure or complete absence of a required process.
- Nonconformity (Minor): An isolated lapse or partial fulfilment of a requirement.
- Observation / Opportunity for Improvement: A risk or weak area that doesn't yet constitute a nonconformity but warrants attention.
- Positive Finding: Evidence of good practice worth recognizing and potentially spreading across the organization.
Write findings clearly, citing objective evidence. Avoid vague language — be specific about what was found, where, and why it matters.
Phase 5: Closing Meeting & Follow-Up
Present findings to management and auditees at the closing meeting. Allow time for questions and clarification. Issue the formal audit report promptly — ideally within a few days.
For each nonconformity, the auditee must complete a corrective action within an agreed timeframe. The audit cycle is not complete until corrective actions have been implemented and verified as effective.
Common Audit Mistakes to Avoid
- Using closed yes/no questions that miss the real picture
- Auditing only documentation and ignoring actual practice
- Allowing auditors to audit their own processes
- Failing to follow up on corrective actions
- Treating audit findings as personal criticism