Preparing for ISO Audits in Your Organization

Preparing for ISO Audits

Preparing for ISO audits can greatly enhance the quality of information received from the process.  This information can provide insights for improvements in the organization and increased efficiency.  Regardless of the standard being employed, some simple steps can be taken to get the desired results.

ISO Standards

The International Organization for Standardization (ISO) publishes and maintains numerous standards that allow organizations to manage their businesses.  These standards address product quality, environmental management, health and safety, information security an other subjects.  Many of these subjects are specific to industry sectors such as medical equipment and food safety management.

Some popular standards include:

  • ISO 9001:2015 Quality Management Systems
  • ISO 27001 Information Security Management Systems
  • ISO 13485 Medical Devices

Because these standards are recognized internationally, they provide a competitive advantage to organizations who achieve and maintain certification.  They are also, in many industries a requirement for providing products or services.  Regardless of area of focus, these standards share a common structure that provides management review of business processes.  These reviews incorporate findings from auditing processes.  

Types of Audits

There are three types of ISO audits; first party-audits, second-party audits, and third-party audits. 

First-party audits are performed by inside an organization to assess strengths and weakness.  This can serve to identify areas of noncompliance so that corrective actions can be taken.  These internal audits are usually conducted by employees of the organization to assess processes they are not directly involved in to ensure an unbiased analysis.

Second-party audits are provided by an external entity.  These external audits can be requested by a customer to confirm that an organization is performing as required.  It can also be initiated by the organization itself to provide a gap analysis or find if the organization is in compliance and ready for certification.

Third-party audits are conducted by external auditors to certify the organization to the standard being implemented.  These certification audits ensure that the organization’s operations are in compliance with the requirements of the standard.  They will examine processes to see if they are being implemented as they are documented.  They will also assess if the management system has buy in from upper management and is sufficiently resourced.

Preparing for Audits

Internal Audits

To ensure an effective internal audit, care should be taken to clearly identify what aspects of the program are to be evaluated.  An audit criteria and scope should be clearly defined to determine the role of the internal audit.

Those being interviewed during the audit should feel free to speak freely.  To encourage this, employees should understand that an audit is an opportunity for an organization to improve processes and efficiencies and that their feedback is important to that end.

External Audits

The same preparations taken for internal audits should be taken with external audits.  Additionally, an external auditor, by definition, will not be as familiar to your organization and its processes.  The organization’s representative should be well acquainted with the processes, work instructions, forms, and attachments that will be reviewed.  The representative should also be aware of which individuals are engaged with the processes to be audited.


Preparing for ISO audits should be a routine activity in an organization.  Knowledge of the specifics of a given program is essential.  It is important to understanding that the essential take away from any auditing report is an honest evaluation that identifies opportunities for growth and improvement.

CVG Strategy Experts

Our Exemplar Global Lead Auditor Consultants can help you with integrating multiple management systems.  CVG Strategy has prepared, trained and implemented management systems for manufacturing companies in many business sectors.

Our quality strategy allows clients new to Quality Management Systems to rapidly implement a tailored system, because everything we do as consultants is processed based.  Our Quality Experts have experience with ISO9001:2015, AS9100D, ISO 13485:2016, ISO 27001:2013 and Association of American Railroads (AAR) M-1003 and can readily deliver compliant procedures and work instructions.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process ImprovementITAR and Export ComplianceCyber Security and Product Test and Evaluation



Kevin Gholston

Share this post