A Guide to ISO Audits: Step by Step

Written By
Joakim Stenström
Joakim Stenström
Published
May 21, 2023
Topic
ISO audit

What happens in an audit

A revision ISO certification is a systematic and independent review of an organization's operations and procedures to ensure that they meet the requirements set by an ISO standard. During the audit, the auditors check that the organization has documented procedures, controls and procedures to meet the requirements. They are also investigating that these procedures are in operation and working as intended.

The result of the audit is a report that provides a detailed overview of the organization's level of compliance with ISO requirements.

An audit is a tightly controlled process in which the auditors are also regularly audited for performing the audit properly. Below we go over the major points that occur within an audit.

Remember that auditing is among the final steps in an ISO certification process - i.e. the result of all your hard work to actually establish and implement wiring system in the business.

Document review before audit

Document auditing is one of the most common audit techniques used in an ISO audit. It involves reviewing the organization's documentation to make sure it meets the requirements specified in the ISO standard. This may include reviewing documentation relating to processes, product requirements, product management, risk management and continuity planning, among others.

Another purpose of document review is to verify that the organization adheres to its documented procedures and processes. Some do it before the actual audit time, some always do it on the spot.

Initial meeting

Presentation of the company and the people who are on site present themselves with titles and responsibilities.

The certification scope is reviewed to see what we are going to certify. Here it is important to carefully delineate what should be certified so that the company does not broaden the business and all of a sudden has new elements in the business that are not reviewed in a certification.

Review of Ongoing Activities

This stage focuses on examining and reviewing how the business is organized and functioning. The focus is on identifying deficiencies in processes, systems and equipment that could lead to the organization not meeting the requirements specified in the ISO standards.

The audit aims to help the organization improve processes, systems and equipment to ensure they meet ISO requirements. Conducted in the form of interviews and follow-up of record keeping, protocols and similar activities.

Supplementary Document Review

The supplementary document review is a deep dive into main processes where business development, marketing, but especially delivery and sales are usually reviewed.

If the auditors find things during the audit that need clarification, they go back to how it is described that the organization works. The focus is very much on the management process itself, where management reviews and follow-up of objectives are carried out - usually done at the management's quarterly follow-up, management team meetings on a monthly basis or what the company in question has procedures. Generally, we say that the company needs to have followed things up at least 4 times a year.

In sales, a lot is about how the organization identifies what customer requirements and expectations exist and how they then deliver on that.

When it comes to supporting processes, the auditor checks how the organization handles e.g. suppliers/purchases, personnel and more. For example, the auditor checks that the staff can really work according to and understand the management system.

Continuous improvement includes customer feedback management, deviation management, improvement measures, risk assessments, crisis management, corrective actions, internal audits etc.

Management process, delivery and continuous improvement are absolutely the things that one has the most focus on. Possibly even development if it is a large part of the company.

The auditor often reviews the following areas:

The management process

Main processes

  • Business Development
  • Marketing
  • Develop
  • Sell
  • Deliver

Supporting Processes

  • Purchases
  • skills
  • Maintenance
  • Financials
  • Continuous improvement

But it all depends on the company in question. If you build bridges, for example, the construction part is very important.

Formulation of deviations, observations and recommendations

After review, the formulation of deviations, observations and recommendations follows.

Deviations are when you have gone against a standard requirement or you have a consistent problem with not following what you say you should do. Depending on the extent of the deviation, you will get a large or smaller deviation.

You have observations until the next audit to complete.

Closing meeting

The audit itself ends with a meeting where the results of the audit are reviewed together with the organization.

Report Writing

The auditor has formulated discrepancies and observations on the spot, then the auditor writes a report.

Reporting of actions

Customer reports, with support from their management consultant, in direct and corrective actions as they have been carried out.

Summary

With this guide in mind, you should now have a clear picture of how an audit is done in an ISO certification. By following these steps and working closely with the auditors, your organization can ensure that it meets ISO requirements and works on continuous improvement.

‍

‍

Gratis e-bok
Allt frÄn vad standarder krÀver till hur du genomför ett projekt för att etablera ett certifierbart ledningssystem.
Tack! Nu fÄr du snart ett e-post frÄn oss!
Oj! 

NĂ„got gick fel.

Hör av dig till support@ampliflow.com.
Free e-book
Everything from what standards require to how you implement a project to establishing a certifiable management system.
Tack! Nu fÄr du snart ett e-post frÄn oss!
Oj! 

NĂ„got gick fel.

Hör av dig till support@ampliflow.com.
Do you need help getting ready for ISO certification?
AmpliFlow can help you with everything you need to achieve certification. From smart IT systems to project management, training, internal auditing and much more. Book an appointment today to find out more!
Thank you! We will hear from you soon!
Oops!

Something went wrong.

Get in touch with support@ampliflow.com.
Articles

More articles

Tools, information and other resources you need.
Customer Requirements Management

What is customer requirements management?

Customer requirements management is the process required to identify, analyze, prioritize, respond to, and monitor customer requirements. Here we go over what it means and why it's important.
Patrik Björklund
October 4, 2024
ISO Certification

You probably only need to write 20% of the documents you think before ISO certification

Prepare for ISO certification without unnecessary documentation. You only need to write 20% of what you believe. Discover how AmpliFlow simplifies the process.
Patrik Björklund
September 18, 2024
Cord

Break the myth: ISO 9001 isn't about documentation, it's about improving businesses

Break the myth of ISO 9001! It's not just about documentation, it's about improving your business. With modern tools, the working tools become the documentation itself. Learn more here!
Patrik Björklund
July 6, 2023

Do like other happy customers - get AmpliFlow

Schedule a meeting today to discuss how we can help you with systems and/or support.
Small or publicly traded. Recruitment or concrete manufacturing. AmpliFlow is for everyone.