ISO 9001; 14001 and 45001 Clause 9.2 Internal Audit – What is the requirement?

This blog post will simplify the requirements within Clauses 9.2

Clause 9.2: Internal Audit.

The organisation must conduct internal audits at planned intervals to provide information on whether the management system conforms to the organisation’s own requirements for its management system, including the policies, procedures, objectives and the requirements of the respective standards as stipulated within the clauses.  In addition, the audit allows the organisation to determine if its management system is effectively implemented and maintained. The extent of the audit programme should be based on the complexity and level of maturity of the management system.

A system audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. The term systematic means the company must plan and document its system for auditing. It must have management support and resources behind it. Audits must be performed in an impartial manner, which requires auditors to have freedom from bias or other influences that could affect their objectivity. Internal audits must be carried out to a process according to requirements given in clause 9.2 of ISO 9001:2015. The process must address the responsibilities for conducting the audits, ensuring independence, recording results, and reporting to management.

Audits obtain objective evidence of conformity with requirements. The evidence must be based on fact and may be obtained through observation, measurement, test, or by other means. Evaluating the extent to which audit criteria are fulfilled involves an assessment of both implementation and effectiveness. The presence of non-conformities in a department or process may indicate the system is ineffective for those areas.

Audit criteria refer to the specific policies, objectives, procedures ISO requirements, documentation, customer and regulatory requirements, etc., that the audit is referenced to or conducted against. Audit methods refer to the specific techniques that auditors use to gather objective audit evidence that can be evaluated to determine conformity to audit criteria.

After the audit is complete the auditors must ensure that the results of the audits are reported to relevant managers. In addition, relevant audit results must be reported to workers; where they exist, to workers’ representatives and to other relevant interested parties.

The organisation must take action to address non-conformities in a timely and efficient manner and continually improve its management system performance. The audit report should be clear, precise and comprehensive.

The organisation must retain documented information as evidence of the implementation of the audit programme and the audit results.

Join our mailing list to receive upcoming posts: http://www.isoqar.co.za/