How to Implement a QMS and Achieve ISO 9001 Certification: Clause 9.2 - Internal Auditing

Posted by Craig Thornton

Part 27: Clause 9.2 - Internal Auditing

I think the internal auditing clause of ISO 9001 has had more articles, blogs, webinars, videos and letters to the editor produced about it than any other clause in ISO 9001.  Perhaps only Document Information (clause 7.5) comes close to having a similar number of column inches dedicated to analysing it.

Not to buck the trend, I have written and presented numerous times on the subject of Internal Auditing. 

9.2.png

Here is a list of those articles I have written about it:

 Here are the webinars I have presented on the topic:

Clause 9.2.1 requires that you conduct internal audits at planned internals.  The technique of doing internal audits is up to you.  The length of the intervals between audits is up to you.  The way you’ll decide how your organisation conforms to your QMS and ISO 9001 is up to you.  The manner by which you’ll determine how effective and maintained the system is, is up to you.  It really is a free-for-all.  The only requirement is that you have to do it.

I have found that internal audits give great value but it can be a confrontational experience and, depending on your interview technique, people can be uncooperative and defensive.  I would highly recommend getting some internal auditor training from local experts to help find the best techniques to prevent and/or overcome such experiences.

The clause 9.2.2 has the nitty gritty on how to conduct the audits.

First, plan your approach to internal audits based on the importance of the processes.  A mistake most companies make is to audit absolutely everything once a year.  The standard gives you flexibility around this, so use your resources wisely and only audit what is important or what is the highest risk to your business.  

Second, for each audit work out the scope of what will be covered.  You can’t audit 100% of the process, but you do need to cover enough to be satisfied that the important issues have been captured.

Third, make sure the auditors are independent of the process under audit.  This can be tricky so you need to give it plenty of thought. 

Fourth, report all findings to the relevant mangers so there aren’t any surprises.

Fifth, ensure that the corrective actions from the audit are dealt with.

Finally, retain the audit results in a document.

For example, here at Mango we are taking an innovative approach to internal auditing.  We are using a DIME (documented, implemented, monitored and effective) matrix to ensure the QMS conforms.  The DIME approach is referenced in this webinar: Freshening-up Your Internal Auditing Programme.

 

Takeaways

Here is a list of takeaways that will help you meet clause 9.2:

  1. Only audit what is important or what is the highest risk to your business.
  2. For each audit work out the scope of what will be covered.
  3. Make sure the auditors are independent of the process.
  4. Keep records of the audit.

 

Integrated_Management_System_manuel.jpg

View previous blogs in this series "How to Implement a QMS and Achieve ISO 9001 Certification":

How to Implement a QMS and Achieve ISO 9001 Certification - Part 1: Introduction

How to Implement a QMS and Achieve ISO 9001 Certification - Part 2: Customer Focus

How to Implement a QMS and Achieve ISO 9001 Certification - Part 3: Leadership

How to Implement a QMS and Achieve ISO 9001 Certification - Part 4: Engagement of People

How to Implement a QMS and Achieve ISO 9001 Certification - Part 5: Process Approach

How to Implement a QMS and Achieve ISO 9001 Certification - Part 6: Improvement

How to Implement a QMS and Achieve ISO 9001 Certification - Part 7: Evidence Based Decision Making 

How to Implement a QMS and Achieve ISO 9001 Certification - Part 8: Relationship Management

How to Implement a QMS and Achieve ISO 9001 Certifiaction - Part 9: Clauses 0.1, 0.2, 0.3, 1, 2 and 3 of ISO 9001:2015

How to Implement a QMS and Achieve ISO 9001 Certification - Part 10: Clauses 4.1, 4.2, 4.3 and 4.4 – Context, Interested Parties, Scope, QMS

How to Implement a QMS and Achieve ISO 9001 Certification - Part 11: Clauses 5.1 Leadership and Commitment

How to Implement a QMS and Achieve ISO 9001 Certification - Part 12: Clause 5.2 Policy

How to Implement a QMS and Achieve ISO 9001 Certification - Part 13: Clause 5.3 Roles, Responsibilities and Authorities

How to Implement a QMS and Achieve ISO 9001 Certification - Part 14: Clause 6.1 Actions to Address Risks and opportunities

How to Implement a QMS and Achieve ISO 9001 Certification - Part 15: Clause 6.2 Objectives

How to Implement a QMS and Achieve ISO 9001 Certification - Part 16: Clause 7.1 Resources

How to Implement a QMS and Achieve ISO 9001 Certification - Part 17: Clause 7.2 and 7.3 - Competence and Awareness 

How to Implement a QMS and Achieve ISO 9001 Certification - Part 18: Clauses 7.5 - Documented Information

How to Implement a QMS and Achieve ISO 9001 Certification - Part 19: Clauses 8.1 - Operational Planning and Control

How to Implement a QMS and Achieve ISO 9001 Certification - Part 20: Clauses 8.2 - Requirements for Products and Services

How to Implement a QMS and Achieve ISO 9001 Certification - Part 21: Clauses 8.3 - Design and Development

How to Implement a QMS and Achieve ISO 9001 Certification - Part 22: Clauses 8.4 - Control of Externally Provided Processes, Products and Services

How to Implement a QMS and Achieve ISO 9001 Certification - Part 23: Clauses 8.5 - Production and Service Provision

How to Implement a QMS and Achieve ISO 9001 Certification - Part 24: Clause 8.6 - Release of Products and Services

How to Implement a QMS and Achieve ISO 9001 Certification - Part 25: Clause  8.7 - Control of Non-Conforming Outputs

How to Implement a QMS and Achieve ISO 9001 Certification - Part 26: Clause  9.1 - Monitoring, Measurements, Analysis and Evaluation

Tags: Quality Management, ISO 9001, ISO 9001 certification, ISO 9001 accreditation