What is an Internal Audit?

Share this article

Regardless of the nature and size of a business, a consistent internal audit process is an effective and reliable method to support management policies and controls. An audit process  should consider the risks of a business and use it as a mechanism to seek out opportunities for improvement. Auditing should not just be a mechanism by which a business is meeting any statutory or regulatory requirements, but a great way to meet customer demands in competitive markets, whilst meeting  business objectives.

What is an Audit?

The ISO 19011:2018 Guidelines for auditing of management systems defines an audit as a:

systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

This definition is a bit of a mouthful, but essentially auditing is a method to check that all your policy, procedures, business controls and compliance obligations are being met. We see auditing as a health check for your business.

Although many business must conduct internal audits in order to meet their certification or legislative requirements, we see auditing to be a great method to communicate the positives of a highly successful and compliant business.

Types of Audits

There are three main types of audits. First party audits are internal audits, which are conducted by businesses to address the management system standards or other requirements. Ideally, staff from within the business, but external to the area of the audit should conduct the internal audit to ensure objectivity and impartially.

Second party audits generally focus on the supply chain, whereby as a business you might audit contractors or even customers in some circumstances. Your staff may conduct these audits or you may employ another party to conduct them on your behalf.

Third party audits are conducted by regulatory or certification bodies using their own auditors or sub-contract auditors who have no conflicts of interest.

What criteria would an Internal Audit be conducted against?

An internal audit can be conducted against any criteria a business sees fit. Criteria may be derived from many areas including:

  • Requirements set out within a management system standards such as ISO 9001
  • Policy and Procedures of a business or as specified by relevant external parties
  • Legislative and regulatory requirements
  • Certification requirements
  • Specific management system plans for eg. Project Management


Want to know more about how to involve your staff in conducting internal audits within your business? Our 2 day Management Systems course is based upon the principles of AS/NZS/ISO 19011 Guidelines for Auditing Management Systems, and will leave students with a clear understanding of how to conduct process-based audits within the workplace. Contact Us to learn more or register here.

Share this article