Internal audit

from Wikipedia, the free encyclopedia
The process of an internal audit and relevant documents

The internal audit (also 1st party audit) is a special type of audit in the area of management systems, in which the audit is carried out by an employee of the organization. ISO 19011 is a guideline for planning, performing and following up internal audits.


The word "audit" originally comes from Latin (Latin audire = to listen). In the context of internal audits, its meaning can best be derived from English (English audit = company audit). The internal audit is therefore a self-examination of the management system. In the ISO 9000 series, an audit is also defined as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively in order to determine to what extent the audit criteria have been met.

Internal audit process

The process of an internal audit as well as the associated tasks and documents are defined in the ISO standard ISO 19011 "Guidelines for Auditing Management Systems" or the DIN standard DIN EN ISO 19011 "Guidelines for auditing management systems". Accordingly, the process of an audit is divided into the following steps:

Definition of the audit program

The number and scope of one or more audits that are to be carried out over a certain period of time are specified in the audit program. Among other things, the roles of the individual responsible persons, the organizational unit to be audited and the place and time of the audit are specified.

Implementation of the audit program

The top management approves the audit program and informs the affected areas. The audit team is selected and the audit program is assessed and improved. In addition, the audit program is continuously monitored.

Initiate the audit

After all persons involved have been informed, the necessary conditions for the feasibility of the audit are created.

Prepare the audit activities

In the next planning step, most companies create an audit plan, which is usually implemented by the internal auditor. It should contain at least information on the processes, process owners, auditors, duration, location and the relevant standard specifications. Among other things, the auditor discusses an agenda and the relevant documents for the scheduled audit with the area to be audited. In preparation, the auditor also creates an audit checklist based on various audit criteria.

Carrying out the audit activities

The audit begins with an opening meeting, in which the individual parties introduce themselves and coordinate the audit plan again. The actual audit is then carried out, with the auditor proceeding step-by-step and finally explaining conformities and non-conformities. The latter are described as a deviation notice and agreed with the management. Finally, there is a final discussion in which a conclusion is drawn.

Creation and distribution of the audit report

The audit report is drawn up after the actual audit. This should include the objectives of the audit, the scope of the audit, audit criteria, audit findings and audit conclusions. The audit report is then distributed to all recipients named in the audit process.

Complete the audit

Corrective measures are derived and defined by the audited department from the deviations identified in the audit. This catalog of measures is coordinated with top management and then implemented. The conclusions drawn from the audit should also be incorporated into the continuous improvement process of the management system.

Perform audit follow-up

The effectiveness of the implemented corrective measures is continuously monitored and verified. An evaluation of the effectiveness of the internal audit is also often presented in the course of the management review. Measures can also be derived here, which are then incorporated into the audit program. As these activities follow after the “completion of the audit”, they are often viewed as not belonging to the audit.

Conducting discussions in the audit

The right communication strategy is essential for an efficient audit process. This is usually determined primarily by the questions asked in the audit. The audit is opened by a strategic entry in which, for example, the set goals are questioned. This is followed by the main part with a three-part system of questions, which provides for the following types of questions:

  1. Questions about the process environment
  2. Strategy-specific questions
  3. Questions about standard conformity

Finally, the strategic exit from the audit is again a question, for example asking what will be different in a year. Overall, questions in the audit should be asked as openly as possible so that as much information as possible is obtained. If, however, a decision is to be made, for example, closed questions usually make more sense.

Goals of internal audits

The primary goal of an internal audit is to uncover non-conformities or the need for action within the organization and to counteract them sustainably. As a result, the quality of the products or services is continuously improved and thus also customer satisfaction. Other goals are:

  • Self-check whether the management system meets the requirements of the standard
  • Check whether the requirements specified by the company are being met
  • Examination of the effectiveness of the management system
  • Drive continuous improvement
  • Improvement through knowledge transfer and finding optimal solutions
