How to Become an ISO Certified Internal Auditor


QEHS Consultant

Before we answer that question, let's start with a few things


Table of Contents


What is an ISO Internal Auditor?

When the expression Internal  Auditor is used, it refers to an auditor who participates, perhaps leads, an ISO management system audit of his/her own organization's management system.

Are Internal Audits Necessary? 

Internal audits are a mandatory and necessary part of an organization's obligation to demonstrate ongoing compliance with the requirements of the ISO Management System Standard(s) to which the organization subscribes. 

At a practical level, internal audits help ensure that when external auditors come to check compliance - either a Certification Body auditing as the basis of continuing certification of compliance or Supplier Audits as the basis of placing business with the organization - there will be few if any non-compliances to be discovered. 

Additionally, internal audit programmes are a great occasion to identify opportunities for improvement. After all, it is during internal audits that auditors are talking with the very people most familiar with the day-to-day workings of the organization.

How does the Internal Audit Process Go?

ISO Internal Auditing is not a boring box-ticking exercise but an engrossing set of activities involving:

  1. the interviewing of people doing the work that makes your organization a success,
  2. observing the workplace in action,
  3. checking workplace activities and processes, as well as
  4. scrutinizing documents and records, 

What are the Advantages of Being a Certified Internal Auditor?

As experienced internal auditors have knowledge of the processes and activities at many levels and functions within the organization, they are frequently chosen for promotion ahead of their colleagues.

What are the Business Applications of Internal Audits?

The finance profession tends to use terms like internal auditor and lead auditor as if they only apply to the finance sectors. 

ISO Management System Standards apply to any sector - quality, environment, energy, medical device manufacture, food safety, occupational health and safety, information security, etc. 

It's best to refer to ISO Internal Auditors and ISO Lead Auditors in regards to these standards.

Does Internal Auditor Certification Apply to All Standards?

No. An internal auditor trained in the requirements of ISO 9001, the quality system standard, is not equipped to audit against the requirements of, say, ISO 14001, the environmental management system standard. This is for the simple reason that the two standards have very different objectives and significantly different detailed requirements. 

So, an ISO 9001 Internal Auditor would need additional training (an ISO 14001 Extension Course) before they were capable of conducting an ISO 14001 audit.

That being the case,

How do you become an ISO Certified Internal Auditor?

In general, there are five steps that you need to take to become an ISO certified Internal Auditor. 

  1. Acquire the temperament and personal attributes needed to be a successful Internal Auditor. Ideal attributes for internal auditors include being ethical, open-minded, diplomatic, observant, perceptive, tenacious, decisive, culturally sensitive, having the ability to act with fortitude, etc.

  2. Gain the technical experience, subject expertise, supervisory and managerial experience needed to conduct an audit. See a list of 5 benefits that you can get from having trained internal auditors.

  3. Complete an ISO Internal Auditor Certification Course. You can choose between a 2-day conventional course or 12-hour online course.
  4. Undertake internal audits as often as possible. 3 times-a-year is considered the minimum number of internal audits needed to maintain auditing skills. 

  5. Finally, have yourself evaluated as a competent internal auditor.  Typically this is done by a QHSE Manager, or equivalent and recorded in your personal training/competency record.

That being said, there are several things that you would need to consider if you want to become a certified Internal Auditor like the following.

Is Having an Internal Auditor Certificate Already Enough?

ISO Internal Auditor optionsOnce upon a time, it was 'certification equals competency' and organizations like IRCA built a recognized Register of Auditors. 

As ‘the only game in town,’ Lead Auditor training was taken not only by Certification Body Lead Auditors but also by Consultants and QHSE Managers (especially in their role as Audit Programme Managers) wishing to develop their skills and expertise.

Since 2011, a Lead Auditor Certificate alone is no longer acceptable as proof of competency. ISO 19011, the Guidelines for auditing management systems, made this clear by defining competence as the ‘ability to apply knowledge and skills to achieve intended results’.

Registers of Lead Auditors are simply redundant.  And a register of internal auditors was 'never a thing'.

And what then is the relationship between internal auditor certification and competency?

What are Required Competencies for Internal Auditors?

ISO 19011 sets out 4 headings in determining auditor competence. They apply equally to internal auditors and to lead auditors. namely,

  • General: Organizational knowledge, skills and experience; working experience is essential.
  • Knowledge and skills: To successfully complete an audit, generic competence (including auditing skills) and a level of discipline and sector-specific knowledge and skills (i.e. of the applicable ISO Standard and of the economic sector being audited) are required.
  • Achieving Auditor Competence: After ISO Auditor Certification building experience by regular participation audits.

Internal Auditor Certification in ISO 9001, ISO 14001, ISO 13485, ISO 27001, ISO 45001


What Jobs Can Certified Internal Auditors Get?

Of course, internal auditing of a single ISO Standard (usually ISO 9001) may not be the limit of your ambition. 

You can extend range and type of audit you conduct by adding another standard to the scope of your auditor certification (e.g. take an ISO 14001 Internal Auditor Extension Course - 8 hours) or raise your game by taking a Lead Auditor Course (those responsible for Supplier Audits often do this to ensure the depth of knowledge necessary to adequately carry out such an audit).

Where to Find More Information if You Want to Become an Internal Auditor

For more in-depth information we recommend you read ISO 19011:2018, especially: 

  • Part 7: Competence and evaluation of auditors, and
  • Annex A: Additional guidance for auditors planning and conducting audits.


Choose an Internal Auditor Course

Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems

Subscribe to Email Updates


Recent Posts

Posts by Topic