Will my internal audit program have to change to meet ISO 9001:2015?


answer from the qms experts:

A review of ISO 9001:2015's requirements for Internal Management System Audits (clause 9.2.2) reveals some change of content - which might be said to actually simplify the previous requirements. Prior versions of the ISO 9001 standard required that an internal audit program be scheduled based on the "status and importance" of the activity or process to be audited. The 2015 requirements make a different - and potentially clearer definition - of this by stating "...shall take into consideration the processes concerned, changes affecting the organization and the results of previous audits."

Since, it's highly improbable that changes to the organization occur once or twice a year - a default timing for many internal audits - it's likely that an organization's internal quality system audits will need to consider a more strategic model, and consider "risk." Changes affecting the organization may include:

  • Changes to personnel (increases/decreases in headcount, shifts added, key personnel joining and leaving, etc.)
  • Changes to process (performance, layout, equipment, etc.)
  • Changes of customer (new or changed customer requirements, new customers and their requirements)

An internal audit program may be used to help management know that, in the face of such changes, the Quality Management processes are being implemented as planned and that they represent no risk to results. This focus on the consideration of risks, when considering what and when to perform internal audits, may usher in a different era for the scheduling of internal audits, beyond compliance to a set of ISO requirements.