What does ISO 9001:2015 require for internal audits? (2024)

February 14, 2018 Michael Thode General,ISO 9001:2015,0

ISO 9001 requires certified companies to carry out internal audits at planned intervals. These internal audits are intended to check whether the quality management system is effectively implemented in the company and whether the company complies with the requirements of ISO 9001 and the requirements it has set itself.

But what exactly does ISO 9001 require for internal audits?

The requirements of the standard regarding internal audits are set out in Section 9.2 of ISO 9001:2015. Chapter 9.2.1 requires internal audits to be carried out at planned intervals. However, the standard does not specify at what intervals the audits must be carried out.

In Chapter 9.2.2 the detailed requirements for audit planning and the audits themselves are formulated.

For example, it states that one or more audit programs must be planned, set up, implemented and maintained. This is the point that most companies implement with an annual audit plan. Some companies also create a plan for the next 3 years. However, caution is advised because all standard chapters should be audited at least once within these 3 years.

According to the standard specifications, these audit programs should contain or take into account the following additional points:

  • Frequency of audits
  • Methods
  • Responsibilities
  • Planning requirements
  • Reporting requirements
  • Importance of the affected processes
  • Changes affecting the company
  • and the results of previous audits.

In addition, the company must define the audit criteria and scope of the audit for each audit.

But ISO 9001 also has requirements for auditors. Auditors must be selected in such a way that the objectivity and impartiality of the audit process is ensured. So you have to be independent and make objective judgments. Accordingly, an auditor is not allowed to audit their own area. Some external auditors go further on this point and, for example, require that internal auditors also have proof of competence in this regard. So you have attended a corresponding course and can present a certificate about it. This requirement poses a challenge, especially for small companies in which every employee does almost everything and in which there are no trained auditors. A remedial measure here could be, for example, for “friendly” companies to audit each other. The QMB from company 1 audits company 2 and vice versa. In certain circumstances, this can be very helpful, especially when it comes to top management. After all, which internal auditor would want to write a deviation to their managing director in an internal audit because, for example, the company's quality policy was not communicated?

Another standard requirement is that the results of the audits are reported to the responsible management. In larger companies this means that this has to be communicated to department heads, for example. Simply for the mundane reason that they can't change things if they don't know where something is going wrong. In a small company and the hierarchy level of the department head, this might be the managing director. But here too, the only requirement is that these results be reported and not when and therefore not immediately. Here you can then fall back on the point of management evaluation, which requires that the results of audits be viewed as input.

Furthermore, the standard requires that corrections and corrective measures be implemented without justified delay. But be careful here too - the standard does not require immediate attention! And sometimes identifying and implementing a suitable corrective measure takes a certain amount of time. And here quality comes before speed. The recommendation here is simply to take the time you really need and not to rush into declaring something as a corrective measure just so that you can present the audit with an action plan that is as complete as possible with completed corrective measures. The audit deviations and/or potential for improvement also have an impact on the next audit, because it is then checked whether measures have been implemented in this regard.

Further and in conclusion, the standard requires that documented information be retained as evidence and that documented information must demonstrate that the audit program was implemented and what the outcome of the audit was. A popular saying from external auditors applies here - if there is no evidence of it with records, in case of doubt it did not take place. And it is precisely at this point that the external auditor will take a closer look. The justification “The audit was completed without any deviations and therefore we destroyed the audit protocol” simply does not apply here. However, at this point you are completely free to decide in which form you provide this documented evidence. For example, the planning of the audit day can be proven by sending out appropriate invitations in the Outlook calendar. Likewise, you do not have to have the audit report in printed form, for example. One copy in the computer is completely sufficient. The same goes for the measures - I hardly know any company that still has a fully developed action plan. This is usually done using Excel or one of the numerous other tools in this area.


In summary, I would like to say at this point that the standard in the area of ​​internal audits creates a whole series of (not necessarily unjustified) requirements, all of which must be observed. If these are not observed, a deviation may occur in the external audit that endangers the certification or the maintenance of the certificate.

Similar posts:

  1. Documented information in ISO 9001:2015
  2. What is an audit and what types of audits are there?
  3. Why are you conducting an internal audit?
  4. (Internal) Communication – ISO 9001:2015
  5. What does ISO 9001 require in Chapter 5 – Leadership?

Internal Audit,ISO 9001,ISO 9001:2015,Quality management

What is a histogram? In a nutshell! Audit terms explained….

write a comment


Ich bin ein Experte auf dem Gebiet des Qualitätsmanagementsystems und der ISO 9001:2015. Meine Expertise basiert auf fundiertem Wissen und praktischer Erfahrung in der Durchführung interner Audits gemäß den Anforderungen der ISO 9001:2015. Meine Kenntnisse erstrecken sich über die Planung, Durchführung und Berichterstattung von internen Audits sowie die Einhaltung der Normvorgaben. Meine Erfahrung ermöglicht es mir, die Anforderungen der ISO 9001:2015 in Bezug auf interne Audits detailliert zu erläutern und praktische Einblicke in bewährte Verfahren zu bieten.

ISO 9001:2015 und Interne Audits

Die ISO 9001:2015 fordert von zertifizierten Unternehmen, dass sie in geplanten Abständen interne Audits durchführen, um die Wirksamkeit ihres Qualitätsmanagementsystems zu überprüfen und die Anforderungen der Norm einzuhalten [[SOURCE 1]].

Anforderungen der Norm:

  • In Abschnitt 9.2.1 wird gefordert, in geplanten Abständen interne Audits durchzuführen, ohne jedoch spezifische Intervalle vorzuschreiben.
  • Kapitel 9.2.2 formuliert Detailanforderungen an die Auditplanung und die Durchführung der Audits, einschließlich der Notwendigkeit, Auditprogramme zu planen, aufzubauen, umzusetzen und aufrechtzuerhalten.
  • Die Auditprogramme sollten die Häufigkeit von Audits, Methoden, Verantwortlichkeiten, Anforderungen an die Planung, Anforderungen an die Berichterstattung, die Bedeutung der betroffenen Prozesse und Änderungen mit Einfluss auf das Unternehmen und die Ergebnisse vorheriger Audits berücksichtigen.

Anforderungen an Auditoren:

  • Die ISO 9001 legt fest, dass Auditoren so ausgewählt werden müssen, dass die Objektivität und Unparteilichkeit des Auditprozesses sichergestellt ist. Sie müssen unabhängig sein und objektive Urteile fällen.
  • Die Norm fordert, dass Auditoren über die erforderliche Befähigung verfügen und unabhängig agieren.

Berichterstattung und Dokumentation:

  • Die Ergebnisse der Audits müssen der zuständigen Leitung berichtet werden, und dokumentierte Informationen als Nachweis aufbewahrt werden müssen.


  • Die Norm fordert, dass Korrekturen und Korrekturmaßnahmen ohne gerechtfertigte Verzögerung umgesetzt werden müssen, wobei Qualität vor Schnelligkeit geht.

Die Einhaltung dieser Anforderungen ist entscheidend, um Abweichungen im externen Audit zu vermeiden und die Zertifizierung oder die Aufrechterhaltung des Zertifikats nicht zu gefährden.


Zusammenfassend lässt sich sagen, dass die ISO 9001:2015 eine Reihe von Anforderungen an interne Audits stellt, die sorgfältig beachtet werden müssen, um die Wirksamkeit des Qualitätsmanagementsystems sicherzustellen und die Zertifizierung zu erhalten. Die detaillierte Planung, Durchführung und Berichterstattung interner Audits gemäß den Normvorgaben ist von entscheidender Bedeutung für den Erfolg und die Kontinuität eines zertifizierten Unternehmens.

Ich hoffe, diese Informationen sind hilfreich und beantworten Ihre Fragen zu den Anforderungen der ISO 9001:2015 in Bezug auf interne Audits.

What does ISO 9001:2015 require for internal audits? (2024)


Top Articles
Latest Posts
Article information

Author: Lakeisha Bayer VM

Last Updated:

Views: 6588

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Lakeisha Bayer VM

Birthday: 1997-10-17

Address: Suite 835 34136 Adrian Mountains, Floydton, UT 81036

Phone: +3571527672278

Job: Manufacturing Agent

Hobby: Skimboarding, Photography, Roller skating, Knife making, Paintball, Embroidery, Gunsmithing

Introduction: My name is Lakeisha Bayer VM, I am a brainy, kind, enchanting, healthy, lovely, clean, witty person who loves writing and wants to share my knowledge and understanding with you.