News

What is an internal audit?

What is an internal audit?
A requirement of almost every standard is to conduct annual internal audits. We would be happy to tell you more about what the internal audit entails and how to approach it as an organization.
This article was last updated on
14/5/2024

What is an internal audit

An internal audit is a thorough investigation within your organization into the proper and reliable functioning of business processes and ways of working. For the ISO 9001 and ISO 27001 standards, it is a mandatory part of continuous improvement to periodically conduct an internal audit. In addition, it is stated that the internal auditor must be objective and impartial. This means that the internal audit is not conducted by anyone involved in it.

In practice, we often see that an annual internal audit is performed. Based on an audit schedule, all components are reviewed and tested. The internal audit is used as a dress rehearsal for the external audit. Depending on the size of the organization, an internal audit takes from 1 day to sometimes several weeks.

The purpose of an internal audit

The purpose of the internal audit is to examine whether the management system meets the requirements from the standard, including the additional requirements that the organization has imposed on itself. It is nice to establish that you meet the requirements, but identifying deviations and points for improvement for the organization is much more valuable. This way, these points can be picked up in time for the external audit.

What does an internal audit look like?

During an internal audit, we look for improvements to your organization's management system . The internal auditor must be objective and impartial. This means that the internal audit may not be performed on parts of the management system by anyone who is responsible for or involved in it. Often you see that organizations outsource this to an external organization. From the standard, this is allowed. In fact, this makes the audit more valuable because of the experience and knowledge of management systems and processes that an external consultant has.

Conduct internal audit

Roadmap:

  1. Planning and preparation: The scope of the audit is determined. The departments and processes involved are drawn up. Then an audit plan with an agenda is made and sent to you. This way you know exactly what to expect.
  2. Documentation review: All relevant documentation such as policy documents, procedures, forms and reports are reviewed.
  3. Conduct interviews: Employees involved in the audited processes are interviewed. This is to gain insight into how the processes are carried out. 
  4. Conduct observations: On-site observation of processes to verify that they match documentation and interviews.
  5. Record findings: All findings are noted, including strengths and areas for improvement. This is recorded in an audit report.
  6. Prepare report: A report is prepared with the discrepancies and recommendations, including action plan for implementing the recommendations.
  7. Follow-up: Together we follow up on the implementation of the deviations and verify that the recommendations have been implemented.

What is the difference between an internal and external audit?

  • Internal auditors conduct internal audits. This means that the internal audit may not be performed by anyone involved in it. External audits are conducted by a certifying body.
  • An internal audit is aimed at improving the internal organization. An external audit ensures that an organization demonstrates that they meet specific requirements a laws and regulations. The purpose of this audit is certification.

What types of audits are there?

In addition to the possibility of conducting an internal audit on the standard, there are other types of audits:

  • Objective audit: These audits are aimed at auditing an organization's financial information and accounting records.
  • Process-oriented audit: These audits focus on evaluating the efficiency and effectiveness of an organization's business processes.
  • Theme audit: These audits focus on a theme, such as assessing an organization's IT systems, processes and security or auditing financial information.
  • Compliance audit: These audits are aimed at verifying the organization's compliance with internal and external regulations, standards and legislation.

In short

Avoid external audit stress by preparing properly with an internal audit. Have professional consultants conduct the internal audit. This will ensure that the management system is tested effectively and independently. This increases the chances of finding and implementing improvements within the organization. View our internal audit here.

Find out what our implementation process looks like

In our white paper, we take you step by step through our implementation process.

Download Now
Wouter Vreeburg
Owner
085 773 60 05
To news overview

Related articles

Information Security
NIS2: Mandatory training for management and directors.
read more
News
Fendix offers everything you need for Security Awareness with Guardey
read more
KAM Certifications is now Fendix

We are a partner of