In company operations—whether related to finances, internal systems, or other key processes—aligning with the standards set by the ISO is essential for maintaining efficiency and credibility. Engaging independent third-party assessors to conduct a comprehensive evaluation ensures that business processes meet globally recognized benchmarks. Because of this, global organizations such as private companies pursue ISO certification to demonstrate their commitment to quality, efficiency, and compliance with best practices.
In this article, we will be tackling company audits with regard to internal processes and systems in place and the role that the International Standard Organization (ISO) plays in a successful audit.
The ISO, which began in 1947, is an independent and non-government organization that creates international standards for companies to adhere to when it comes to designing and implementing their internal systems. To ensure that they encompass and consider localized regulations, most countries --- the Philippines included --- have representatives in the ISO, helping the ISO create the standards in which to assess international companies by.
For companies who wish to become ISO certified, an external audit by the ISO accredited certification bodies is done as they assess your internal systems through your documentation, your risk assessments, internal controls and your employees’ knowledge of your systems. Before this happens, most companies take it upon themselves to have a company-wide internal preparation, simulating what happens during an external audit with their own quality assurance or management team acting as the auditors – this is what we call an internal audit.
In essence, the internal and external audit are the same – specifically since the internal audit is supposed to act as a simulation of an external audit. With this, as said above, the main difference lies in the auditors.
For an external audit of your internal systems, representatives from ISO request your company’s internal documentation – from your standard operation procedures, business continuity procedures and workflow processes of every department. This is submitted to them ahead of time before they perform an audit check and interview your employees.
Once they have had the time to look into your internal systems and processes, they then interview your management team, department heads and random employees to assess whether your internal processes are followed based on the company set standards and in accordance with the requirements of the ISO. Once you’ve completed this part of the audit and you comply with their requirements and pass their standards, your company is then issued with an ISO 9001:2015 certification.
But what is the importance of becoming ISO certified?
Obtaining ISO certification adds credibility to your organization and secures client trust. As an internationally acclaimed organization, the ISO sets a gold standard for internal systems that demonstrate your company’s commitment to quality and compliance. This helps strengthen partnerships with clients, assures them of your operational efficiency, and positions your company as a reliable and trustworthy partner in the market.
As you prepare for your internal audit, everyone in the company has a role to play. From the start, management must make it clear the audit preparation efforts should be prioritized to ensure that teams are aligned in achieving a common goal – to receive ISO certification.
The goal to become ISO certified first and foremost starts with management. Depending on the company’s growth over the years, they can determine whether or not it is time for the company to apply for ISO certification and trigger the necessary preparation for it.
Once preparations begin, all initiatives must come from management – ensuring that they provide all the necessary information, tools and resources that employees would need to be able to comply with the internal and external audit requirements. Management’s outlook during this preparation would set the tone for the entire company, encouraging employees to treat the audit with utmost importance.
Once management sets the tone for the audit preparation, it becomes the team leads and managers’ responsibility to trickle down all the information – ensuring that their team members understand the expectations from them during the audit and supervise the proper implementation of the department’s internal processes leading up to the audit date.
Aside from this, managers are also encouraged to take a proactive role in their employees’ preparation, giving their teams access to all the resources and training required for the audit and building a channel of communication wherein employees can approach them for help when needed.
Employees who work under different managers and departments now become the frontlines of the process. With the resources and information made available to them, it becomes their responsibility to utilize it – understanding and adhering to company standards and ensuring their daily work complies with the standards. During the audit proper, they must be able to demonstrate the knowledge of these processes to show auditors that they are in compliance.
During an internal audit, your auditors would most likely come from your Quality Management or Internal Audit Team. For the audit preparation and audit proper, these employees must be unbiased and objective as possible – acting as third-party investigators all throughout. Their role is to thoroughly assess the company’s internal processes, identify areas of improvement, and provide actionable feedback. By simulating the external audit process, internal auditors help the company refine its systems and improve its chances of passing the external ISO audit.
The internal audit is a critical step in preparing your company for the ISO certification process. We conduct internal audits to ensure compliance with our standards as a commitment to continuously improving our system while preparing the company for the external audit. Treating the internal audit with the same seriousness as the external audit ensures a smoother process and reduces the risk of non-compliance when the ISO auditors arrive.
Employees must approach the internal audit with the same professionalism and preparation they would exert during an external audit done by the ISO.
During the audit proper, make sure you and your employees understand the purpose of the audit, are prepared for the interviews and have all the necessary documentation formatted according to ISO standards. Treat the internal audit as an opportunity to identify potential issues, address them proactively, and build confidence in your company’s systems even before an external audit – ensuring that findings are positive once the real thing comes.
Once your company’s documents and processes are submitted to your internal auditors, interviews for every department head and random members of every department come next.
During this phase, employees at random are invited into interviews to simulate the external audit process as employees must demonstrate their knowledge of the internal processes applicable to their daily duties and responsibilities as well as the company values and procedures that act as the overarching objectives of all departments.
Employees should:
Auditors may ask questions like:
The goal of these interviews is to assess whether employees understand and follow the processes outlined in the company’s documentation.
During the internal audit, auditors will also thoroughly review the company’s documentation. This includes:
It is important to ensure that all your documents are up to date, accurate and easily accessible by those essential to the process and/or document. Employees responsible for maintaining these records should work closely with auditors to provide any additional information or clarification needed.
The internal audit process typically follows a structured timeline to ensure all areas of the company are thoroughly assessed. A typical schedule may include:
The entire process may take several days to weeks, depending on the size of the company and the complexity of its systems.
Once the internal audit is complete, the company must take the findings seriously and address any areas of non-compliance or improvement. This phase is essential for ensuring readiness for the external ISO audit and demonstrating a commitment to continuous improvement.
After the closing meeting, the internal audit team will provide a detailed report of their findings. This report typically includes:
It is important for management to review this report carefully and prioritize addressing the findings.
If the internal audit identifies non-conformities, the company will be given a timeline to reconcile these issues. Common examples of non-conformities include:
To address these issues, the company should:
Corrective actions are measures taken to eliminate the root cause of non-conformities and prevent them from recurring. These actions may involve:
Management should oversee the implementation of corrective actions and provide regular updates to the team. This helps maintain transparency and accountability throughout the process.
Once all non-conformities have been addressed and corrective actions implemented, the company can begin preparing for the external ISO audit. This involves:
The internal audit findings should serve as a guide for these preparations, ensuring that the company is fully ready to meet ISO standards.
As your company prepares for an external audit, it is important to note that the internal audit process is not merely a one-time preparation but an ongoing testament to your company’s commitment to quality and excellence.
As you receive ISO certification and become successful in the external audit preparation and proper, it should be noted that continuing to conduct regular internal audits to trigger an update in outdated processes, systems and trainings will help your company’s internal controls remain evergreen – ensuring compliance with ISO standards at all times and building a culture of continuous improvement and innovation for the management and employees overall.
D&V Philippines provides scalable finance and accounting solutions that can adapt to any landscape. If you’re interested in learning more about our services, schedule a free consultation with us!
You can also download our Your Talent Sourcing Partner Whitepaper to see how we value our talents.
This article has been written in collaboration with Aly Tagamolila, a content specialist at D&V Philippines.