Table of Contents
- What is an ISO Internal Auditor?
- Are Internal Audits Necessary?
- The Internal Audit Process
- Advantages of Being a Certified Internal Auditor
- Business Applications of Internal Audits
- Internal Auditor Certification Does Not Apply to All Standards
- How do you become an ISO Certified Internal Auditor?
- The Objective is Not Just to Get a Certificate
- Required Competencies for Internal Auditors
- Additional Career Prospects for Certified Internal Auditors
Before we answer that question, let's start with a few things ...
What is an ISO Internal Auditor?
When the expression Internal Auditor is used, it refers to an auditor who participates, perhaps leads an ISO management system audit of his/her own organization's management system.
Are Internal Audits Necessary?
Internal audits are a mandatory and necessary part of an organization's obligation to demonstrate ongoing compliance with the requirements of the ISO Management System Standard(s) to which the organization subscribes.
At a practical level, internal audits help ensure that when external auditors come to check compliance - either a Certification Body auditing as the basis of continuing certification of compliance or Supplier Audits as the basis of placing business with the organization - there will be few if any non-compliances to be discovered.
Additionally, internal audit programmes are a great occasion to identify opportunities for improvement. After all, it is during internal audits that auditors are talking with the very people most familiar with the day-to-day workings of the organization.
How does the Internal Audit Process Go?
ISO Internal Auditing is not a boring box-ticking exercise but an engrossing set of activities involving:
- the interviewing of people doing the work that makes your organization a success,
- observing the workplace in action,
- checking workplace activities and processes, as well as
- scrutinizing documents and records,
Click on the image thumbnail to see the image in full size or click the button on the other side to go to our ISO auditor overview page to learn more about our courses.
What are the Advantages of Being a Certified Internal Auditor?
As experienced internal auditors have knowledge of the processes and activities at many levels and functions within the organization, they are frequently chosen for promotion ahead of their colleagues.
What are the Business Applications of Internal Audits?
The finance profession tends to use terms like internal auditor and lead auditor as if they only apply to the finance sectors.
ISO Management System Standards apply to any sector - quality, environment, energy, medical device manufacture, food safety, occupational health and safety, information security, etc.
It's best to refer to ISO Internal Auditors and ISO Lead Auditors in regards to these standards.
Does Internal Auditor Certification Apply to All Standards?
No. An internal auditor trained in the requirements of ISO 9001, the quality system standard, is not equipped to audit against the requirements of, say, ISO 14001, the environmental management system standard. This is for the simple reason that the two standards have very different objectives and significantly different detailed requirements.
So, an ISO 9001 Internal Auditor would need additional training (an ISO 14001 Extension Course) before they were capable of conducting an ISO 14001 audit.
That being the case,
How do you become an ISO Certified Internal Auditor?
In general, there are five steps that you need to take to become an ISO certified Internal Auditor.
- Acquire the temperament and personal attributes needed to be a successful Internal Auditor. Ideal attributes for internal auditors include being ethical, open-minded, diplomatic, observant, perceptive, tenacious, decisive, culturally sensitive, having the ability to act with fortitude, etc.
- Gain the technical experience, subject expertise, supervisory and managerial experience needed to conduct an audit. See a list of 5 benefits that you can get from having trained internal auditors.
- Complete an ISO-certified internal auditor training course. You can choose between a 2-day conventional course or 12-hour online course.
- Undertake internal audits as often as possible. 3 times-a-year is considered the minimum number of internal audits needed to maintain auditing skills.
- Finally, have yourself evaluated as a competent internal auditor. Typically this is done by a QHSE Manager, or equivalent and recorded in your personal training/competency record.
That being said, there are several things that you would need to consider if you want to become a certified Internal Auditor like the following.
Is Having an Internal Auditor Certificate Already Enough?
Once upon a time, it was 'certification equals competency' and organizations like IRCA built a recognized Register of Auditors.
As ‘the only game in town,’ Lead Auditor training was taken not only by Certification Body Lead Auditors but also by Consultants and QHSE Managers (especially in their role as Audit Programme Managers) wishing to develop their skills and expertise.
Since 2011, a Lead Auditor Certificate alone is no longer acceptable as proof of competency. ISO 19011, the Guidelines for auditing management systems, made this clear by defining competence as the ‘ability to apply knowledge and skills to achieve intended results’.
Registers of Lead Auditors are simply redundant. And a register of internal auditors was 'never a thing'.
And what then is the relationship between internal auditor certification and competency?
What are Required Competencies for Internal Auditors?
ISO 19011 sets out 4 headings in determining auditor competence. They apply equally to internal auditors and to lead auditors. namely,
- General: Organizational knowledge, skills and experience; working experience is essential.
- Personal behaviour: A range of personal attributes and professional behaviours are needed including ethical, open-minded, diplomatic, observant, perceptive, tenacious, decisive, culturally sensitive, ability to act with fortitude, etc.
- Knowledge and skills: To successfully complete an audit, generic competence (including auditing skills) and a level of discipline and sector-specific knowledge and skills (i.e. of the applicable ISO Standard and of the economic sector being audited) are required.
- Achieving Auditor Competence: After ISO Auditor Certification building experience by regular participation audits.
What Jobs Can Certified Internal Auditors Get?
Of course, internal auditing of a single ISO Standard (usually ISO 9001) may not be the limit of your ambition.
You can extend the range and type of audit you conduct by adding another standard to the scope of your auditor certification (e.g. take an ISO 14001 Internal Auditor Extension Course - 8 hours) or raise your game by taking a Lead Auditor Course (those responsible for Supplier Audits often do this to ensure the depth of knowledge necessary to adequately carry out such an audit).
Where to Find More Information if You Want to Become an Internal Auditor
For more in-depth information we recommend you read ISO 19011:2018, especially:
- Part 7: Competence and evaluation of auditors, and
- Annex A: Additional guidance for auditors planning and conducting audits.
You will also find useful information ar Other ISO Courses.
Related Articles
- ISO Auditor Training: A modest investment for a Big Payday!
- 5 Reasons Why Assessing the Competence of Auditors is a Must
- Certified ISO Auditors Need Further Training - It's About Competency
deGRANDSON Global is an ISO Certified Educational Organization
In October 2021 we secured certification to three education-related ISO Standards. We now have a university-grade management system in place conforming to the requirements of …
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.