Knowing how to conduct internal quality audit is key if you want to meet ISO 9001 requirements and stay compliant long-term. You need to check whether what you say you’re doing in your quality system actually matches what happens in practice. The internal audit gives you that opportunity. You’re not waiting for an external auditor to find problems; you are looking for them yourself, ahead of time.
If you’re aiming for ISO 9001 certification in Australia, you’ll need to show clear and consistent evidence that your processes are being followed and regularly reviewed. That is what internal auditing does. It gives you a structured, fact-based method to review your system, identify issues, and track improvements. Done properly, it keeps your business sharp, your records accurate, and your staff prepared.
This article explains how to conduct internal quality audit activities in line with ISO 9001. You’ll learn where internal audits fit in the certification process, who should carry them out, when to schedule them, and what to do with the results. You’ll also see how to use software like FocusIMS to make audit planning, tracking, and reporting easier across your business.
What Is an Internal Quality Audit in ISO 9001?
An internal quality audit in ISO 9001 checks whether your business is following the processes outlined in your quality management system. It verifies that documented procedures match what actually happens in daily operations. If you want to learn how to conduct internal quality audit activities correctly, you need to start with a clear understanding of its purpose, its place in your system, and what you can gain beyond passing an audit.
Definition and Purpose
Internal audits are structured checks that you or someone in your business carries out. The goal is to confirm that processes:
- Follow the documented procedures you’ve created
- Meet the ISO 9001 certification requirements
- Continue to deliver planned results
- Identify areas for improvement
You do this before an external auditor ever walks through the door. That means you control the timing, scope, and focus. You use real evidence, like records and observations, to confirm that things are working as intended. If they’re not, you take action.
Role in the Quality Management System
Audits are not optional. ISO 9001 clause 9.2 requires you to plan and conduct them regularly. They are one of the key ways you monitor whether your quality system is effective.
Internal audits allow you to:
- Test whether the team follows your processes
- Confirm your system is producing the expected outcomes
- Catch gaps early before they affect customers or compliance
- Support other quality activities like risk assessments and management reviews
Internal audits help you stay in control and maintain a system that improves over time.
Benefits Beyond Certification
While audits are part of meeting requirements, the benefits go further than a certificate on the wall. If you treat audits seriously, they become a tool to strengthen your business.
The benefits of ISO 9001 certification are clearer when audits are used to:
- Pinpoint process failures before they grow into costly issues
- Improve employee understanding of roles and procedures
- Build a culture of accountability and continuous improvement
- Provide reliable data for decision-making
When you know how to conduct internal quality audit activities properly, you give yourself more than compliance. You gain insight, control, and a better ability to meet customer expectations.
Where Do Internal Audits Fit in the ISO Certification Process?
Internal audits are a key requirement in ISO 9001 and a practical tool to check whether your quality management system works as expected. They help you find gaps before they affect your business, and they prepare you for external audits. If you want to understand how to conduct internal quality audit activities correctly, you need to know where they sit in your certification plan.
FocusIMS developed this roadmap to work directly with the ISO 9001 compliance software. FocusIMS makes ISO 9001 implementation easy to complete and simple to maintain. For businesses that don’t yet have the resources or skills to conduct internal audits, FocusIMS also offers support as part of our ISO Certification Package.
The onboarding program is broken down into 7 sections across 7 days. Each section helps you complete part of the standard and understand how each clause fits into your day-to-day operations:
- Day 1: Personnel Management
- Day 2: System Management
- Day 3: Supplier Management
- Day 4: Asset Management
- Day 5: Risk Management
- Day 6: Client & Project Management
- Day 7: Planning & Communication
Stage 2: Validate
Internal audits support Step 2 of the FocusIMS ISO Certification Roadmap, which is mostly covered during Days 1 to 6 of onboarding. This stage checks whether you are doing what you’ve documented in your system.
You should:
- Review each process against the documented procedure
- Observe actual operations and check relevant records
- Identify missing or incomplete steps
- Fix the gaps before the certification audit
- Prepare staff for what third-party auditors will ask
This gives you the confidence that your system holds up under review.
Stage 3: Maintain and Improve
Internal audits also play a major role in Step 3 of the FocusIMS ISO Certification Roadmap, which is introduced in Day 7—Planning and Communication. Once certified, your focus shifts to maintaining and improving your system.
You should:
- Set an audit schedule and stick to it
- Use audits to find opportunities to improve
- Discuss audit outcomes in management reviews
- Track nonconformities and close them properly
When you complete these onboarding stages using FocusIMS, you’re ready for Steps 5 and 6: the Stage 1 and Stage 2 certification audits. You can now move forward and book these with your certification provider.
If you use iso compliance software like FocusIMS, you can plan, conduct, and follow up on audits within one system. It keeps everything connected and easy to manage.
Who Should Conduct an Internal Audit?
To run a proper internal audit, your auditor must understand ISO 9001 requirements, your documented system, and the processes they are auditing. You must make sure they’ve received training in how to conduct internal quality audit activities. Pick an auditor who has the skills to interpret evidence, ask the right questions, and assess compliance. The auditor also needs to understand how the system fits into the broader context of your business, as outlined in ISO 9001 Clause 4.
At the same time, the person conducting the audit must be independent from the area being audited. They can work within the business, but they should not audit their own work. This separation avoids bias and helps maintain objectivity. If your business is small, you may need to rotate roles or bring in support from another department.
In some cases, you might choose to use an external auditor. This can be useful if your team lacks time, training, or familiarity with ISO 9001. External auditors bring technical knowledge and a fresh perspective. Whether you go in-house or external, the priority is making sure the auditor is competent, impartial, and able to add value beyond checking boxes.
When Should You Conduct Internal Audits?
You should schedule your internal audits early—well before your certification audit. Waiting too long increases the risk of missing gaps that could affect your readiness. Plan to complete a full cycle of internal audits before you engage a certification body. This gives you enough time to correct any issues and confirm your system works as intended.
After certification, your internal audits must continue. How often you audit each area depends on the level of risk. High-risk areas, like legal compliance, safety, or customer-facing processes, need more frequent attention. Lower-risk areas may not require the same frequency, but you still need to review them on a regular cycle. The audit schedule should reflect your understanding of the business, the consequences of failure, and past performance.
Over time, update your schedule based on what the audits reveal. If a process has repeated nonconformities, audit it more often. If a low-risk area shows stability and strong records, you can extend the time between reviews. Process changes, staff turnover, or new legislation are also triggers for audit rescheduling.
This approach keeps your system responsive and aligned with ISO 9001 document control requirements. When you know how to conduct internal quality audit activities with risk and timing in mind, your audit program becomes a practical tool.
How to Prepare for an ISO 9001 Internal Audit
Before you audit anything, you need to understand what the standard expects. Start by reviewing the ISO 9001 clauses relevant to the audit. You should be clear on the intent and requirements of ISO 9001 clause 4, which covers the context of the organisation, and ISO 9001 clause 5, which focuses on leadership and commitment. Next, look at ISO 9001 clause 6 on planning, ISO 9001clause 7 on support functions like resources and competence, and ISO 9001 clause 8, which addresses the core operational processes. Understanding these clauses will guide you in deciding what to check and what evidence to collect.
Once you know what to audit, define the scope and objective. Scope tells you what areas or processes you will cover. Objective explains why you are auditing. That might include verifying compliance, checking for improvements, or preparing for certification. Be specific. Don’t try to cover everything at once.
After setting the scope, collect the documents, procedures, and records linked to those areas. This includes work instructions, logs, reports, and checklists. You should also review previous audit results and corrective actions.
Finally, let the right people know. Inform the staff involved in the audit. Share the audit plan so they know what to expect and when. When you know how to conduct internal quality audit preparation properly, the audit becomes a routine check instead of a disruption. Clear planning and communication are what turn audits into a useful business tool.
How to Conduct the Internal Quality Audit
Understanding how to conduct internal quality audit activities with discipline helps you prepare for certification and supports continuous improvement. You can later compare audit findings with your ISO 9001 gap analysis to prioritise corrective actions and build a stronger system.
When you apply these steps consistently, you gain a clear view of what’s working and what needs attention.
1. Start with an Opening Meeting
Begin by gathering the relevant staff and setting the tone for the audit. The lead auditor explains the purpose, confirms the scope, introduces the schedule, and outlines how the audit will be conducted. This meeting should be clear and brief. It helps reduce uncertainty and makes expectations transparent from the start.
2. Interview, Observe, and Gather Evidence
Next, move through the areas covered by your audit plan. Interview staff who perform the tasks. Ask them to explain what they do and why. Observe their work and compare it with your documented procedures. Check records, reports, forms, and logs for accuracy and completeness. You must find objective evidence that the process is being followed as described.
3. Identify and Record Nonconformities
If you find a process that does not match the documented procedure, or a requirement that is not being met, record it as a nonconformity. Describe the issue clearly and point to the specific requirement it fails to meet. Include what you observed, what you asked, and what records you checked. Avoid generalisations. Use facts.
4. Stay Objective and Fact-Based
Stay neutral throughout the audit. Focus on what you can prove. The goal is not to blame anyone, but to find gaps and improve. This is what turns a checklist activity into a meaningful review.
How to Document Audit Results
After you complete the audit, you must document the results in a clear and structured way. Use direct language. Write what you saw, heard, or read—nothing more, nothing less. Each finding should link to a specific requirement or clause. This avoids confusion and keeps the report focused on facts. Avoid general statements. If a record was missing, name it. If a process wasn’t followed, describe exactly what was done instead.
Then, categorise each issue. A nonconformity means a clear failure to meet a requirement. It could relate to process, documentation, or records. An observation is not a failure but may point to a risk, inefficiency, or unclear practice. Treat both seriously. Both provide opportunities to improve. Label them clearly and consistently, especially if you are tracking actions over time.
Once the report is complete, share it with the right people. This includes the process owner, managers, and anyone responsible for corrective actions. If you are using FocusIMS, distribute the audit report through the system so it stays linked to your risk register, audit schedule, and improvement actions.
How to Act on Audit Findings
Once you complete your internal audit and record the findings, you must act on them with purpose. Start by reviewing each nonconformity and identifying the root cause. Ask clear, structured questions to find out why the issue occurred and what needs to change. Then develop corrective actions that solve the problem at its source. Avoid patch fixes. Your goal is to prevent the issue from recurring.
After defining each action, assign it to someone with the authority and resources to complete it. Make responsibilities clear and set a firm deadline. Use language that removes doubt. Write exactly what needs to be done, who will do it, and when it must be finished. This keeps the process focused and prevents delays.
Next, follow up to verify that each action was completed properly. Check the records. Observe the process again if needed. Speak to the people involved. Confirm the change is working and that the issue is resolved. Only then can you close the action with confidence.
Tools and Templates to Support Internal Audits
The right tools make it easier to manage internal audits without missing key details. For example, you can set and audit schedule with FocusIMS to help you plan and spread audits across the year. You can assign audits by process, team, or risk level. This allows you to cover your system in full while keeping audits manageable and relevant to your business priorities.
To support the audit itself, you can build custom checklists based on ISO 9001 clauses or your own documented procedures. These checklists help auditors stay focused and consistent, especially when the process involves multiple people. They also provide structure for collecting evidence and checking compliance.
After the audit, you use corrective action logs to track what needs to change. Each log entry links to a finding and outlines the action, deadline, and responsible person. This ensures that issues are not forgotten or repeated. When updates are made, they are recorded and verified in the same place.
All findings, observations, and outcomes are captured in the audit report and saved in the audit register. This makes it easy to reference past audits, follow up on recurring issues, and report on trends during management review.
How Internal Audits Support ISO 9001 Clause 9
Internal audits are central to ISO 9001 Clause 9, which focuses on performance evaluation. Under Clause 9.2, you must plan and conduct audits at regular intervals to ensure your quality management system remains effective. Audits must be based on process importance, changes that affect the system, and results of previous audits. Knowing how to conduct internal quality audit activities that meet these criteria ensures your reviews stay targeted, reliable, and useful.
Beyond the audit itself, Clause 9.3 requires you to use audit results during management review. The information gathered provides a structured view of what’s working and what needs attention. It forms the basis for decisions about resources, customer satisfaction, nonconformities, and corrective actions. If you’re preparing for this stage, using a practical management review checklist helps you make sure you don’t miss anything and that audit data drives action.
Internal audits also support continual improvement, which is a core principle of ISO 9001. Findings highlight patterns, risks, and recurring issues. Each one gives you the chance to improve a process, update documentation, or strengthen controls. These improvements, once implemented, build confidence in your system.
Common Mistakes to Avoid in Internal Quality Auditing
Even with the best intentions, internal audits can fall short when you overlook key principles. Knowing how to conduct internal quality audit activities properly means avoiding habits that weaken the process and delay improvement.
Treating the Audit as a Checklist Exercise
A checklist is a useful tool, but the audit should never stop there. Auditors must go beyond ticking boxes. If the checklist becomes the focus, critical thinking is lost. Audits then fail to uncover weak points, and real risks remain hidden. Instead, use checklists to guide questions—not to limit them.
Failing to Act on Findings
An audit that identifies issues but leads to no action wastes time and resources. When you record a nonconformity, you must treat it as the starting point for improvement. Ignoring findings, delaying action, or closing issues without verifying results weakens your system. It also shows a lack of commitment to your quality management policies and procedures.
Overlooking Objective Evidence
Auditors must rely on what they see, hear, or read—not assumptions. Failing to gather proper evidence results in findings that cannot be supported or defended. This makes audits unreliable. You must base every conclusion on objective evidence that proves whether the process meets the requirement or not.
Not Involving the Right People
Auditing without the input of those who actually perform the work creates blind spots. Staff who carry out the tasks know the details, problems, and workarounds. Their insights reveal whether procedures are realistic and followed. Leaving them out leads to incomplete audits and missed opportunities.
Avoiding these common mistakes strengthens every stage of the process. It improves how you respond to risks, how you review performance, and how you meet your objectives. It also supports your business in meeting ISO 9001 expectations and reinforces practical skills during ISO 9001 employee training.
Using FocusIMS to Manage Internal Audits
Managing internal audits efficiently requires more than paper checklists and spreadsheets. FocusIMS gives you a digital structure that supports your audit process from planning to closeout. If you’re learning how to conduct internal quality audit activities with consistency, FocusIMS helps you do so with clear records, linked actions, and visible outcomes.
You can automate your audit schedules across departments or business functions. FocusIMS lets you set recurring dates and reminders, so you never miss a required review. The system assigns roles and actions in advance, removing the risk of miscommunication or missed steps.
Once you log audit findings, you can track nonconformities and corrective actions in real time. The platform captures the details, assigns responsibility, and sets deadlines. As team members update their progress, you can monitor completion without chasing emails or losing time in meetings.
Next, FocusIMS links your audit outcomes to broader business goals. Whether you are reviewing customer complaints, field safety issues or training compliance, audit data connects back to the relevant area of your business. This makes it easier to align actions with your quality management policies and procedures, not treat them as one-off fixes.
This connection becomes especially useful when preparing for certification or surveillance audits. All your audit records, reports, and actions are already in one place. You can quickly demonstrate how you handled past issues, monitored improvements, and used audit insights to strengthen your system.
FocusIMS helps you maintain visibility, stay organised, and reduce audit fatigue. Book a free discovery meeting to learn how to conduct internal quality audit with the help of our software.
