5 benefits of training your ISO Internal Auditors


Confirmation of the effective maintenance of your Management System (MS) is just one of the benefits of having trained internal auditors

As an Audit Programme Manager - the person responsible for overseeing internal audit programs - you know that all ISO Management System Standards (MSS) require internal auditing.  

External auditors, whether from certification bodies, accreditation bodies, regulatory bodies or customers, all place great emphasis on your internal audit reports and the associated process.

Their interest goes beyond confirming the fulfilment of a requirement - they want to see your level of commitment, the kinds of problems you've been having, and the effectiveness with which you've dealt with them. At a fundamental level, they want to assure themselves that you are not just 'going through the motions.'

In presenting a satisfactory picture, you are very dependent on your Internal Auditors and the effectiveness with which they complete their task.  Therefore, it is fundamentally important that they know what they are doing and that they are doing it well.

In this article, we give you five important benefits of having trained internal auditors and some extra suggestions on how you can make the most of them in order to achieve optimum results.

1. Trained Internal Auditors Know the Proper Way to Prepare for an Audit

Reviewing only the procedure to be audited is not enough. Auditors need to understand the context and the requirements of the applicable Standard and of any applicable statutory or regulatory requirements (and Guides to these, where applicable).

Training will help but, for a given audit, you must also ensure that your auditors know what documentation they need to familiarize themselves with and provide them with sufficient time to study it.

Suggestion: include a list of applicable documentation for each audit in your internal audit schedule.

Result: The right questions in the correct context will be asked.  Inadequate answers will be more easily identified.

2. Trained Internal Auditors Use a Variety of Sources of Evidence

Many internal audits are entirely focused on confirming that controlled documentation has been issued and is available at the point of use and that specified records are being kept.  This is a lazy and ineffective way of determining whether requirements are being met.

As part of the preparation for the audit, auditors review the documents (procedures, flowcharts) that describe the process/activity to be audited.

In doing so, they should look for where commitments are made.  In particular, note commitments that link with higher-level standard requirements.

For example, commitments to follow or issue a schedule, complete a record, file a form, assign certain personnel, create and maintain an environment, use specified equipment, report within a certain time frame, or check off certain tasks, and so on.




During the on-site audit activities, a variety of evidence sources can be used.  Four types of evidence are often used in particular. These include:

  1. Documents and records (review procedure and examine records).
  2. Physical examination (you count it, it is tangible).
  3. Observing activities (you watch what is going on).
  4. Interviewing (you talk to people connected with the process).

Suggestion: Ensure your auditing procedure requires auditors, as part of their preparation, to list commitments in procedures, standards, regulations, customer contracts, etc. Then, during the audit, they should use and record evidence of all four evidence types.

Result: A robust body of objective and corroborating evidence will be recorded. The dependability of the audit reports will be greatly increased. It is less likely that major non-conformances will remain for external auditors to find!

3. Trained Internal Auditors Can Audit Non-specific Requirements Appropriately

Some standard clauses and internal organization procedures may have open-ended type requirements that are not very specific and can leave the auditor with a lot of questions. 

You may notice various open-ended requirements during the document evaluation and during the performance of the audit. There are four types of open-ended requirements you may encounter during your audit.

  1. Open-ended phrases/words: Use of open-ended words subject to wide interpretation (for example, periodic, timely, readily, promptly, without undue delay, and based on importance).
  2. Generalized statements: Phrasing a requirement at a generalized or abstract level (for example, to manage or control a function or process).
  3. Unclear or undefined words: Use of words that are not defined or are subject to multiple definitions, which can leave the auditor with no basis for issuing a non-conformance.
  4. Goal but no tangibles specified: A requirement lacking specified verifiable actions or outputs (that is, there is no requirement to define, document, record, schedule, review, and so on). When there are no prescriptive requirements to audit against, audit findings could be perceived as subjective.

Suggestion: Ensure that your internal auditing procedures define these words and phrases, where used.  Better still, avoid using them in your policy and procedure documentation.

Result:  A common, appropriate understanding and application of the words and phrases internally. Avoidance of non-compliances from external auditors for having failed to define them.



4. Trained Internal Auditors Base Audit Reports on Reliable Working Papers That Include Audit Trails

Ensure that Working Papers are part of the auditing system.  While not a requirement of any of the ISO MSS, working papers are a great place to provide guidance during the audit and to record data (including details of samples checked).  Some examples of working papers include:

  • Audit procedures
  • Checklists
  • Forms
  • Sampling plans
  • Auditee evaluation forms
  • Attendance record form
  • Audit questions
  • Log sheets
  • Guidelines

Suggestion: Prepare generic Working Documents and require, as part of the auditing procedure, your auditors to record their sampling plans, audit questions, checklists, etc. prior to the on-site audit activity.

Result: On-site activities will be concluded more effectively and quickly. Sound objective evidence will back up the audit findings and conclusions recorded in the Audit Reports.

5. Trained Internal Auditors Write Non-conformance Statements Well

Long rambling statements of non-conformances are about as useless as cryptic ones.  In both cases, the person who needs to take corrective action may be unsure of what needs to be corrected and/or unable to identify, or seek out, the root cause.  

What's needed is a statement of the necessary information and only the necessary information. More easily said than done, of course.  And this is where the ENR4c Formula helps greatly.

What is the ENR4c Formula?

The ENR4c formula stands for Evidence, Nature, Requirement, Clear, Concise, Complete, and Correct.

It seeks to answer the following questions:

  1. What is the evidence (E) that you looked at?
  2. What was the nature (N) of the nonconformity?
  3. What was the requirement (R)? And,
  4. Is the statement clear, concise, complete, and correct (4C)?

The nonconformity statements will be the most-read part of the audit report.

Suggestion: Train your Auditors in the ENR4c Formula.  Remember it will take them time to get good at using it.

Result: With clear nonconformity statements, the auditee fixes the right problem and fellow auditors can more easily verify the effectiveness of corrective actions.

And Finally ...

You won't be surprised to learn that all of the above are integral to our Auditor Courses.  If you'd like to learn more about our Conversion Courses, click the 'Learn More' button below.



Note: This article was first published in May 2019; revised and updated in November 2021.


deGRANDSON Global is an ISO Certified Educational Organization

In October 2021 we secured certification to three education-related ISO Standards. We now have a university-grade management system in place conforming to the requirements of …

  • ISO 21001, Educational Organizational Management System,
  • ISO 29993, Learning Services outside formal Education,  and
  • ISO 29994, Learning Services – additional requirements for Distance Learning.

We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
