ISO Management System Standards require that persons involved in such systems be competent, and training is an essential part of building such competence.
Let’s consider internal auditing of the 2 most popular management system standards: ISO 9001, the quality management system (QMS)standard, and ISO 14001, the environmental management system (EMS) standard.
Let's also consider the frequently heard claim that 'we've not had a problem with internal auditing until now'.
Well, that has changed; in fact, it changed 7 years ago, but few noticed!
Why Choose 7-year-old Standards as Examples?
It's because Internal Audit Programmes and Internal Audit Reports continue to demonstrate on a very regular basis that the requirements relating to Internal Audits are not adequately addressed. Furthermore, incompetent internal ISO auditors are commonplace. What's worst is this is 7 years after requirements changed!
In this article, we set 5 reasons why such training is a ‘must’, the first 3 arising directly from the Standards themselves, and the final 2 is concerned with maximizing the benefits that can be achieved with best internal auditing practice.
Historically, internal auditors have not been formally trained, and Certification Bodies (CBs) have accepted this practice.
Furthermore, CBs have accepted internal audit programs based solely on the auditing of procedures, work instructions, and other lower-level documents.
With many organizations now migrating to the 2015 standards, the question arises as to whether the traditional approach will continue to be acceptable.
Examination of ISO 9001:2015 and/or ISO 14001:2015 clearly indicates that formal training will be necessary, and here are 5 reasons why.
Major changes have been made to both standards, including many for which documented procedures are unlikely to exist. Consider just four such examples:
Internal Auditors will need to understand these terms as well as their interpretation and application.
Could someone auditing the effectiveness of the implementation of procedures alone fulfill the requirements here? Sub-clause 9.2.1 a) 2) requires audit evidence on whether the QMS/EMA conforms to ‘the requirements of this International Standard’.
Without training, it is unlikely that an internal auditor will understand the requirements relating to policy, processes, procedures, and other documentation (including records).
Sub-clause b) here describes competence as an appropriate combination of ‘education, training or experience’. Note that here the word ‘or’ is inclusive and should be interpreted as ‘and/or’.
Sub-clause c) requires the organization to ‘take actions to acquire the necessary competence’.
Education and experience alone cannot make someone a competent internal auditor. And ‘sit by Nellie’ is hardly an effective or credible training method.
Any reasonable interpretation of clause 7.2 requires internal auditors to be formally trained.
We next turn to two reasons concerned with turning internal auditing into an opportunity:
To thoroughly audit a QMS/EMS, it is necessary that internal auditors mimic the behavior of CB auditors. External ISO auditors use many sources of information, which will vary depending on the scope and complexity of the audit and may include the following:
Without training in these techniques, it is likely that weaknesses and non-compliances will be left undetected and be found subsequently by external auditors.
Internal audits offer convenient and relaxed opportunities for personnel at all levels and functions within the organization to point out defects in systems and procedures. They also suggest many small improvements (and occasionally major improvements) to management systems.
By capturing, reviewing, and implementing these suggestions, you help ensure the robustness of the QMS/EMS. Every non-conformance avoided represents a real saving of time, money, and other resources.
Consider for a moment how much better your internal audits would be in gathering interview evidence and in identifying improvement opportunities if they followed the following 5-step guide:
It is only with trained internal auditors familiar with these methods that your organization can benefit.
We would suggest that formal ISO 9001 internal auditor training and/or formal ISO 14001 internal auditor training (with certification examinations) is the best approach in:
1. ensuring the competency of internal auditors and
2. maximizing the potential benefit arising from the internal auditing process, which process you cannot be avoided.
Of course, we have a vested interest; we are an online ISO Auditor Training Company, after all. However, that doesn’t mean that everything stated above isn’t absolutely true!
Click on the image thumbnail to see the image in full size, or click the button on the other side to go to our ISO auditor overview page to learn more about our courses.
Note: First published May 2020; revised and updated Mar 2022.
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.