ISO audit – 5 important steps in every organization

Most companies decide to get ISO certified without positive thoughts about the process. Yes, it is long and hard and makes you question everything, especially when your Internal Audit doesn’t go well. But it is all worth it. The Internal Audit is a must in the process to maintain ISO registration. Companies should not see it as an investigation to dig up all the dirt, but as a chance to further improve the quality of processes and products. Here are five steps in the Internal Audit that are important for every organisation.

Plan the Audit Schedule

It is a key part that everybody knows what processes will be audited and when will it happen over the upcoming cycle. The biggest mistake that companies make is going into the audits without a plan, making it all a big surprise. It gives a message to the employees that their management doesn’t trust them and wants to jump their work stations at most vulnerable, without giving them a chance to prepare. Who benefits? Nobody! By publishing the audit intentions, management gives a message that the audit is actually there to support the process of improving the overall quality of the company and that the auditors are to be considered as help, not enemy. Publishing the audit schedule will motivate the process owners to finish their improvement projects.


Plan the Process Audit

Whereas the first step was a general time outline, here we get into the individual process audits. Their owners need to be consulted as to when they should be finished with their improvements and when the audit could possibly take place without disrupting the process itself. The audit is of high value to the process owner whenever he decides to actually see it as help.


You might want to check the GDPR implementation guide as well!

Conducting the Audit

It should all start with a meeting to make sure that the audit plan is ready. The auditor then goes to gather information, review records, talk to employees, analyse process data and even observe the process itself. It’s all for good reasons. Auditor will see if there were improvements made based on the previous audit and if there are any areas that need further improvements – he can also use dedicated software for ISO audits, e.g. ins2outs – it is simple in use, especially because good UX and able to cooperate with different devices. The best thing that the auditor does for the process owner is not only identifying areas that aren’t functioning properly, but also show how they could be working better. Ideas are, above all, highly valuable.

ins2outs roles

In this screenshot above you can see ins2outs’ roles function which is a superb feature for organizations.

Then there is the reporting stage and the follow-up on issues or improvements part. Make sure that you fix problems that the auditor has found in the process. If improvements have been made based on the areas identified by the auditor, they will see the progress and praise you, which will turn into further motivation to do better. Audits are not to be dreaded. Use them to your advantage.