Internal audits - introduction, overview and explanations (2024)

Table of contents

Note: This text will not provide anything new to experienced QM professionals. The next time you inquire about what an internal audit is, please feel free to forward the link.

Warning: The requirements for internal audits vary greatly depending on the standard. This blog post serves as an introduction and overview of the topic. It does not replace the study of the standard requirements and does not claim to be complete.

Buying tip for internal audits

Like a good film in the cinema, first comes valuable advertising that makes your life easier.

I have aInternal audit toolboxcreated. This includes the following elements:

Toolbox interne Audits

  • Internal Audits Manual (PDF)
    It contains the basics of internal audits from implementation to evaluation. You can also use it for internal training.
    17 pages of concentrated knowledge in understandable language.
  • Tool for audit planning and documentation (Excel)
    The heart of this internal audit template collection. An Excel document that supports you in planning, monitoring and evaluation. It also offers a cockpit with the key figures from your audits as well as an illustrated quick guide. An open Excel document without macros and without password protection.
  • Internal Audit Guideline (Word)
    The sample policy helps you to record and document the most important regulations and internal guidelines relating to internal audits.
    It is intentionally not a PDF so that you can adapt and supplement it to your situation.
  • Internal Audit Form (Word)
    If you have no idea what a note/minute form might look like, the form will help you get started straight away. This is also an open Word form, so you can customize it to suit your needs.

>>More information about the toolbox internal audits.

What are internal audits?

Internal audits are used to check whether theory and practice correspond and where there is potential for improvement.

Internal audits are used to (internally) check whether internal specifications (management system) and external specifications (norms, laws, supplier requirements, ...) are being adhered to.

This is done by people (internal auditors) who randomly check (audit) individual processes, procedures, etc.

What are the benefits of internal audits?

But we all know what to do and we work the way we defined it.
Why should we check this again?

This is what many people think – before they carry out the first internal audits. However, there are many bad reasons (and some good reasons) for not doing something as defined.
Ignorance of the specifications, outdated knowledge, circumvention to save time, unclear instructions, complicated processes, lack of understanding of the standard, ... are just some of the possible reasons.

Through internal audits, these weak points can be identified before the legislator, a customer, a supplier, an external auditor or a damage report reveals the gap. Internal audits can therefore protect you from damage, unnecessary costs, problems and much more.

However, internal audits are not only suitable for “preventing problems”. They also help to systematically improve your own work. Through regular internal reviews, you will not only find errors/gaps in your own system, but also discover points that you would like to improve. By looking at the work as part of the internal audits, new ideas will emerge together about how something can be made easier, faster, better, safer or optimized in some other way.

How do you do internal audits?

Internal audits must be planned, carried out and evaluated.

Audit planning

Plan which focal points and which processes, procedures and departments you will audit this and the next few years. Focus particularly on the core tasks.
Inspiration for the focus of the audit can include past audits, error reports, suggestions from employees or management.

When planning the audit, you determine which areas will be audited in which year. Depending on the size of the company, there may also be a team of internal auditors, so they can discuss together what should be audited and who will carry out which audits.

Except for unannounced audits, the persons to be audited can then be informed about the audit. They need to know whether and how they should prepare, whether documents need to be provided, how long the audit will take and which people will be audited. It is also important to provide information about what happens to the audit results.

Audit execution


Explain what internal audits are about, what the goal is and how everything works. Internal audits are not employee reviews.


The actual implementation can look very different and depends on the operational situation and the standard. An internal audit looks different in a chocolate factory than in a Spitex.
Possible content/forms of internal audits:

  • Discussion of individual orders in the form of samples (inquiries through to invoicing)
  • Discussing a procedure/process and checking whether the internal/external requirements were adhered to
  • Deepening of a key topic that was previously desired or determined
  • Checking some documents (forms, checklists) and their use in everyday work
  • Shadowing: Silently accompanying/observing the person being audited by the auditor
  • Observation use: Lessons, further training events, customer discussions are observed by the auditing person
  • Deepening and checking individual standard specifications
  • u.v.m.

At the end of the audit, the audited persons receive brief feedback. What is the impression, what did you notice, what questions need to be discussed directly, where are there gaps in the specifications and what errors, if any, were identified. Where do the people being audited have points where they have issues or are unsure. What improvements or simplifications did they want?
The auditors must know what will be passed on from the conversation. There should be no “surprises” afterwards when the audit report is sent out. This would destroy trust and reduce the effectiveness of future audits.

Give the auditees a thank you for their time and courage. Also mention what you noticed positively and what is being implemented well. Auditors are not just fault-finding zombies.

Documentation / protocol / audit report

Depending on the internal and external requirements, the audit must be recorded in the form of an audit report. This can range from a simple keyword protocol to a comprehensive dossier with all the evidence (copies, photos, etc.).

Regardless of the external requirements, the protocol must show:

  • People involved
  • Implementation date
  • Content (process/process, focus, …)
  • Positive findings
  • Errors/gaps
  • Open questions
  • Next Steps

Audit evaluation and pending management

What's the point of the best internal audit if everything comes to nought afterwards?

For the credibility and effectiveness of internal audits, audit evaluation and follow-up are at least as important as audit execution. It is extremely unfortunate when ideas for improvement come up during the audit and then no one takes care of them. The same applies if questions have arisen due to discovered errors that are not being processed.
I recommend that you follow up on these potential improvements, but also during auditsthe KVP list.

It is important to clearly regulate what happens to the audit results after the internal audit and who is responsible for what.
Some questions that need to be clarified:

  • Who is responsible for what after the audit. The ball for follow-up is in the court of the person who carried out the audit, the person responsible for QM, the person being audited or the management.
  • Who can decide when measures/decisions are needed?
  • Who ensures that the findings and measures are implemented and monitored.
  • Who checks whether the same error or the same improvement idea also needs to be taken into account in other areas of the company.

This offers a very valuable tool for pending managementthe KVP list.

Who does internal audits?

Quite simply, the internal auditors 🙂

Internal auditors must be as independent as possible.
The accountant is not supposed to audit the accounting process.

The auditing persons must have the necessary specialist knowledge to carry out the internal audits. This includes the internal processes, the basics of conducting discussions, knowledge of your own management system, knowledge of the standard requirements, etc.

If internal specialist knowledge is (still) lacking, internal audits can also be carried out by an external consultant.
This form ofPartial outsourcing of internal auditsis an offer from me. If desired, the know-how in the company can be gradually built up so that you can implement the audits in the future without external support. TakeContactup with me.

Standard requirements for internal audits

The ISO 9001:2015 standard has various requirements for internal audits in Chapter 9.2 Internal Audit.

QuaTheDA, SODK OST+ and IN-Qualis require internal audits. However, these three standards do not contain any further information about what needs to be taken into account or which conditions must be met.

Als Experte auf dem Gebiet der internen Audits kann ich Ihnen umfassende Informationen zu den in dem Artikel genannten Konzepten geben. Ich verfüge über fundiertes Fachwissen und Erfahrung in diesem Bereich. Lassen Sie uns nun die verschiedenen Konzepte im Artikel betrachten.

Was sind interne Audits?

Interne Audits dienen der Prüfung, ob interne Vorgaben (Managementsystem) und externe Vorgaben (Normen, Gesetze, Lieferantenanforderungen usw.) eingehalten werden. Dabei werden einzelne Prozesse, Abläufe und andere Aspekte überprüft, um sicherzustellen, dass Theorie und Praxis übereinstimmen und Verbesserungspotenziale identifiziert werden können [[SOURCE 1]].

Was bringen interne Audits?

Interne Audits haben mehrere Vorteile. Sie helfen dabei, Schwachpunkte und Fehler im System zu identifizieren, bevor sie von externen Parteien wie dem Gesetzgeber, Kunden oder Lieferanten aufgedeckt werden. Durch interne Audits können Schäden, unnötige Kosten und Probleme vermieden werden. Darüber hinaus ermöglichen interne Audits eine systematische Verbesserung der Arbeitsweise und fördern die Entwicklung neuer Ideen zur Optimierung von Prozessen und Abläufen [[SOURCE 1]].

Wie macht man interne Audits?

Interne Audits bestehen aus verschiedenen Phasen, darunter die Auditplanung, Auditdurchführung, Dokumentation und Auswertung. Bei der Auditplanung legt man fest, welche Bereiche auditiert werden sollen und welche Schwerpunkte gesetzt werden. Die Auditdurchführung kann je nach betrieblicher Situation und Norm unterschiedlich aussehen. Es können verschiedene Methoden wie Stichproben, Besprechungen, Prüfung von Dokumenten oder Beobachtungen angewendet werden. Nach dem Audit erhalten die auditierten Personen eine Rückmeldung, und die Ergebnisse werden dokumentiert. Die Auswertung und Nachbearbeitung der Auditergebnisse ist entscheidend, um Verbesserungspotenziale zu identifizieren und sicherzustellen, dass Maßnahmen umgesetzt und überwacht werden [[SOURCE 1]].

Wer macht interne Audits?

Interne Audits werden von internen Auditorinnen und Auditoren durchgeführt. Diese Personen sollten über das notwendige Fachwissen verfügen und möglichst unabhängig sein. Es ist wichtig, dass sie die internen Abläufe, die Normforderungen und andere relevante Aspekte gut kennen. Bei fehlendem internem Fachwissen können auch externe Beratungspersonen mit der Durchführung der internen Audits beauftragt werden [[SOURCE 1]].

Normanforderungen an interne Audits

Die Norm ISO 9001:2015 enthält im Kapitel 9.2 spezifische Anforderungen an interne Audits. Auch andere Normen wie QuaTheDA, SODK OST+ und IN-Qualis fordern interne Audits, geben jedoch keine weiteren spezifischen Angaben dazu [[SOURCE 1]].

Bitte beachten Sie, dass der Artikel, auf den Sie sich beziehen, als Einführung und Übersicht zur Thematik dient und nicht das Studium der Normforderungen ersetzt. Es ist wichtig, die spezifischen Anforderungen der jeweiligen Norm zu berücksichtigen.

Ich hoffe, diese Informationen helfen Ihnen weiter. Wenn Sie weitere Fragen haben, stehe ich Ihnen gerne zur Verfügung.

Internal audits - introduction, overview and explanations (2024)


Top Articles
Latest Posts
Article information

Author: Kerri Lueilwitz

Last Updated:

Views: 6584

Rating: 4.7 / 5 (47 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Kerri Lueilwitz

Birthday: 1992-10-31

Address: Suite 878 3699 Chantelle Roads, Colebury, NC 68599

Phone: +6111989609516

Job: Chief Farming Manager

Hobby: Mycology, Stone skipping, Dowsing, Whittling, Taxidermy, Sand art, Roller skating

Introduction: My name is Kerri Lueilwitz, I am a courageous, gentle, quaint, thankful, outstanding, brave, vast person who loves writing and wants to share my knowledge and understanding with you.