How to become a Certified ISO Internal Auditor: 11 FAQs answered

    Auditor inspecting medical devices


    Table of Contents

    What is an ISO Internal Auditor?

    When the expression Internal  Auditor is used, it refers to an auditor who participates, perhaps leads an ISO management system audit of his/her own organization's management system.

    Are Internal Audits Necessary? 

    Internal audits are a mandatory and necessary part of an organization's obligation to demonstrate ongoing compliance with the requirements of the ISO Management System Standard(s) to which the organization subscribes. 

    At a practical level, internal audits help ensure that when external auditors come to check compliance - either a Certification Body auditing as the basis of continuing certification of compliance or Supplier Audits as the basis of placing business with the organization - there will be few if any non-compliances to be discovered. 

    Additionally, internal audit programs are a great occasion to identify opportunities for improvement. After all, it is during internal audits that auditors are talking with the very people most familiar with the day-to-day workings of the organization.

    New call-to-action

    How does the Internal Audit Process Go?

    ISO Internal Auditing is not a boring box-ticking exercise but an engrossing set of activities involving:

    1. the interviewing of people doing the work that makes your organization a success,
    2. observing the workplace in action,
    3. checking workplace activities and processes, as well as
    4. scrutinizing documents and records, 



    Available ISO Internal Auditor Courses Image Map. Click on any course you are interested in and see the full overview of each one, including course content, learning materials, etc.


    What are the Advantages of Being a Certified Internal Auditor?

    As experienced internal auditors have knowledge of the processes and activities at many levels and functions within the organization, they are frequently chosen for promotion ahead of their colleagues.

    What are the Business Applications of Internal Audits?

    The finance profession tends to use terms like internal auditor and lead auditor as if they only apply to the finance sectors. 

    ISO Management System Standards apply to any sector - quality, environment, energy, medical device manufacture, food safety, occupational health and safety, information security, etc. 

    It's best to refer to ISO Internal Auditors and ISO Lead Auditors in regard to these standards.

    Does Internal Auditor Certification Apply to All Standards?

    No. An internal auditor trained in the requirements of ISO 9001, the quality system standard, is not equipped to audit against the requirements of, say, ISO 14001, the environmental management system standard. This is for the simple reason that the two standards have very different objectives and significantly different detailed requirements. 

    So, an ISO 9001 Internal Auditor would need additional training (an ISO 14001 Extension Course) before they were capable of conducting an ISO 14001 audit.

    That being the case,

    How do you become an ISO Certified Internal Auditor?

    In general, there are five steps that you need to take to become an ISO-certified Internal Auditor. 

    1. Acquire the temperament and personal attributes needed to be a successful Internal Auditor. Ideal attributes for internal auditors include being ethical, open-minded, diplomatic, observant, perceptive, tenacious, decisive, culturally sensitive, having the ability to act with fortitude, etc.

    2. Gain the technical experience, subject expertise, supervisory and managerial experience needed to conduct an audit. See a list of 5 benefits that you can get from having trained internal auditors.

    3. Complete an ISO-certified internal auditor training course. You can choose between a 2-day conventional course or a 12-hour online course.
    4. Undertake internal audits as often as possible. 3 times-a-year is considered the minimum number of internal audits needed to maintain auditing skills. 

    5. Finally, have yourself evaluated as a competent internal auditor.  Typically, this is done by a QHSE Manager or equivalent and recorded in your personal training/competency record.

    That being said, there are several things that you would need to consider if you want to become a certified Internal Auditor, like the following.

    Is Having an Internal Auditor Certificate Already Enough?

    Once upon a time, it was 'certification equals competency', and organizations like IRCA built a recognized Register of Auditors. 

    As ‘the only game in town,’ Lead Auditor training was taken not only by Certification Body Lead Auditors but also by Consultants and QHSE Managers (especially in their role as Audit Programme Managers) wishing to develop their skills and expertise.

    Since 2011, a Lead Auditor Certificate alone is no longer acceptable as proof of competency. ISO 19011, the Guidelines for auditing management systems, made this clear by defining competence as the ‘ability to apply knowledge and skills to achieve intended results’.

    Registers of Lead Auditors are simply redundant.  And a register of internal auditors was 'never a thing'.

    And what, then, is the relationship between internal auditor certification and competency?

    What are the Required Competencies for Internal Auditors?

    ISO 19011 sets out 4 headings in determining auditor competence. They apply equally to internal auditors and to lead auditors. namely,

    • General: Organizational knowledge, skills, and experience; working experience is essential.
    • Personal behavior: A range of personal attributes and professional behaviors are needed, including ethical, open-minded, diplomatic, observant, perceptive, tenacious, decisive, culturally sensitive, ability to act with fortitude, etc.
    • Knowledge and skills: To successfully complete an audit, generic competence (including auditing skills) and a level of discipline and sector-specific knowledge and skills (i.e., of the applicable ISO Standard and of the economic sector being audited) are required.
    • Achieving Auditor Competence: After ISO Auditor Certification building experience by regular participation audits.


    What Jobs Can Certified Internal Auditors Get?

    Of course, internal auditing of a single ISO Standard (usually ISO 9001) may not be the limit of your ambition. 

    You can extend the range and type of audit you conduct by adding another standard to the scope of your auditor certification (e.g. take an ISO 14001 Internal Auditor Extension Course - 8 hours) or raise your game by taking a Lead Auditor Course (those responsible for Supplier Audits often do this to ensure the depth of knowledge necessary to adequately carry out such an audit).

    Where to Find More Information if You Want to Become an Internal Auditor

    For more in-depth information, we recommend you read ISO 19011:2018, especially: 

    • Part 7: Competence and evaluation of auditors, and
    • Annex A: Additional guidance for auditors planning and conducting audits.

    You will also find useful information ar Other ISO Courses.


    Choose an Internal Auditor Course


    Related Articles

    deGRANDSON Global is an ISO Certified Educational Organization

    In October 2021, we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

    • ISO 21001, Educational Organizational Management System,
    • ISO 29993, Learning Services outside formal Education,  and
    • ISO 29994, Learning Services – additional requirements for Distance Learning.

    We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


    Written by Dr John FitzGerald

    Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
    Find me on:

    Subscribe to Email Updates

    Recent Posts