ISO Internal Audit – A Plain English Guide

A Step-by-Step Handbook for Internal Auditors in Small Businesses

About this book

Let's be realistic – it is human to make mistakes, so it's impossible to have a system with no errors; it is, however, possible to have a system that improves itself and learns from its mistakes. Internal audits are a crucial part of such a system. In this book, Dejan Kosutic, an author and experienced ISO consultant, is giving away his practical know-how on ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, ISO 22000, OHSAS 18001, ISO 13485, AS9100 and IATF 16949 internal audits.

This book is written primarily for beginners in internal auditing and for people with moderate knowledge about internal audits. On the other hand, if you do have experience with internal audits, but you feel that you still have gaps in your knowledge, you'll also find this book helpful. So, no matter if you are new or experienced in the field, this book gives you everything you will ever need to learn and more about internal audits.

Inside you will find not just basic information about the internal audit and ISO 19011 but also information on how to create the internal audit checklist, how to write the internal audit report, what the best techniques are for finding evidence during the audit, how to conduct interviews during the audit, and much more.

Kosutic uses real-life examples and plain English in order to explain everything that is necessary to completely understand how to perform an internal audit for all ISO management standards.


1 INTRODUCTION

 
Why is the internal audit so important for management systems, and how can it be useful for the company? What will you find in this book? And, is this book the right choice for you?
Note: This book covers the internal audit process for all ISO management standards – ISO 9001, ISO 14001, ISO 27001, ISO 20000, and ISO 13485, but also OHSAS 18001 and IATF 16949 (former ISO/TS 16949) – so when I refer to “ISO standard” or simply “standard,” by this I mean any of these standards. Also, when I mention “management system,” I mean the system that is compliant with any of these standards – e.g., Quality Management System according to ISO 9001, Information Security Management System according to ISO 27001, etc.
 

1.1 Why companies need internal audits

From my experience as a certification auditor, the sad truth is that most organizations perform internal audits just to satisfy the certification body.
Such internal audits usually uncover a few minor nonconformities, which do not get deep into the real problems of the company’s management system. And this is very unfortunate because this is a waste of time – if companies have invested the time of their internal auditors to perform such jobs, they should gain some benefits out of it.
The point with internal audits is that they should discover problems that would otherwise stay hidden and would therefore harm the business. Let’s be realistic – it is human to make mistakes, so it’s impossible to have a system with no errors; it is, however, possible to have a system that improves itself and learns from its mistakes. Internal audits are a crucial part of such a system.
On the positive side, as a certification auditor I did see some organizations performing internal audits in the right way, and for the right reasons. Although their employees did feel a little uncomfortable about the internal auditor checking their activities, very soon they saw the benefits of such an approach – problems became transparent, and were resolved rather soon.
How are these benefits of the internal audit achieved? Here are some tips:
1) The management should view the internal audit as one of the best tools to improve the system, not only as a means to get certified.
2) The internal auditor should be the right person for the job – this means he/she must be qualified, but also motivated and trained to perform this job.
3) The internal audit should be performed in a positive way – the aim should be to improve your system, not to blame the employees for their mistakes.
In this book I’ll explain how to achieve all this.
 

1.2 ISO 19011 – A standard focused on auditing

There is an ISO standard that describes how to perform the audits – it is called ISO 19011. It describes the auditing principles, how to manage the audit program, the required activities during the audit, and the necessary knowledge for auditors.
The principles of ISO 19011 can be used for any type of auditing – a certification audit, an audit of suppliers, and of course, the internal audit.
In this book I included all the main principles of ISO 19011, and scaled them down for the purpose of the internal audit – because the internal audit is not as complex as a certification audit, I have simplified many of the guidelines from ISO 19011 to make them easy to use when performing the internal audit in a small company.
 

1.3 Who should read this book?

This book is written primarily for beginners in internal auditing and for people with moderate knowledge about internal audits – I structured this book in such a way that someone with no prior experience or knowledge about internal audits can quickly understand how the whole audit process works, and what the steps are for its successful completion.
On the other hand, if you do have experience with internal audits, but you feel that you still have gaps in your knowledge, you’ll also find this book helpful.
 

1.4 How to read this book

This book is written as a step-by-step guide for auditing, and Chapters 2 to 5 should be read in the exact order they are written, because this sequence represents the best way of planning and performing an internal audit.
Here are some additional features of this book that will make it easier for you to read it and use it in practice:
  • Some sections contain tips for free tools and for documents that are to be used during the internal audit.
  • At the ends of the most important chapters, you’ll see a section called “Success factors,” which will emphasize what you need to focus on.
  • At the end of this book you’ll see a chapter that will help you decide whether you want to pursue your career in becoming a certification auditor.
 

1.5 What this book is not

This book is about the internal audit process; it is not about how to certify your company or how to implement the standard – the implementation process is quite lengthy and involves a lot of steps that are outside the scope of this book.
This book won't give you finished templates for internal audit policies, procedures, and plans; however, this book will explain which documents you will need to perform an internal audit, and how to structure those documents.
This book is not a copy of any ISO standard – you cannot replace reading the standard by reading this book. This book is intended to explain how to interpret the ISO clauses about the internal audit, and describe best practices when performing the internal audit.
Because this book is focused on internal auditing, it does not explain other elements of ISO standards like document management, risk management, operations, measurement, etc.
 

1.6 Additional resources

Here are some resources that will help you, together with this book, to learn about internal auditing:
  • ISO online courses – free online trainings for ISO 9001, ISO 14001, and ISO 27001 internal auditors.
  • ISO 27001 free downloads, ISO 9001 free downloads, and ISO 14001 free downloads – a collection of white papers, checklists, diagrams, templates, etc.
  • Conformio – a cloud-based document management system (DMS) and project management tool focused on ISO standards that can be used for auditing purposes.
  • ISO 9001 Internal Audit Toolkit – a set of all the documentation templates that are required for performing the internal audit; similar toolkits exist for other ISO standards.
  • Official ISO webpage – here you can purchase an official version of any ISO standard.
 
 

2 BASIC THINGS ABOUT THE INTERNAL AUDIT

In this chapter I’ll give you an overview of the internal audit in the ISO world – its main purpose, how it is different from external (certification) auditing, the exact requirements of ISO standards, how you should select an internal auditor, the main outputs of the internal audit job, etc.

2.1 Internal vs. external audit

As mentioned earlier, ISO 19011 is a standard that describes how to perform audits – this standard defines an internal audit as “conducted by, or on behalf of, the organization itself for management review and other internal purposes.” This basically means that the internal audit is performed by your own employees, or you can hire someone from outside of your company to perform the audit on behalf of your company.
On the other hand, the external audit is done by a third party ...

Table of contents

  1. COVER
  2. ABOUT THE AUTHOR
  3. TABLE OF CONTENTS
  4. PREFACE
  5. ACKNOWLEDGMENTS
  6. 1 INTRODUCTION
  7. 2 BASIC THINGS ABOUT THE INTERNAL AUDIT
  8. 3 ORGANIZING AN INTERNAL AUDIT
  9. 4 STEPS IN THE INTERNAL AUDIT PROCESS
  10. 5 PERFORMING THE MAIN PART OF THE AUDIT
  11. 6 BONUS CHAPTER: DEVELOPING AN AUDITING CAREER