Internal Auditing has two main purposes. Firstly, to ensure that the organization’s own ISO systems and processes are being followed. And secondly to ensure that the requirements of the ISO management standard, or standards, in use are being followed.
Internal Audits are planned or scheduled such that all processes and all clauses of the ISO standard are audited over a defined period. Suitably qualified Internal Auditors are selected based on their impartiality and objectivity (so often smaller organizations use external consultants as their internal auditing resource).
Internal Auditors look for evidence of conformance with requirements. Where this is not the case, a non-conformance is raised, and appropriate corrective action taken.
Internal Auditing is one of the key clauses in ISO management standards. Organizations should want to know that they are doing what they think they are doing, and to put this right if they have gone off track. This ensures that they meet both their operational and consequentially strategic objectives.
Best Practice organizations recognise this and top management in these organizations ensure that Internal Auditing is given the profile and resources required. The top management in these organizations understand that from time to time non-conformances will arise and will be detected during the Internal Auditing process. They will expect this and understand that the corrective action process is a way for the organization to continually improve.
Note that effective Internal Auditing will also reduce the likelihood of having external non-conformances raised by their Certification Body, although this should not be the first priority.