Training ISO Internal Auditors is a must

internal auditing-1-1

ISO Standards require competence and that includes the competency of your Internal Auditors

All the ISO Management System Standards (MSS) since 2010 (adopting the High-level Structure- HLS) require that personnel be competent in their work.  So, while there are no specific requirements in these Standards for internal auditor training courses to be given, there is an implicit requirement that they be competent. 

And Guidelines for Auditing Management Systems as set out in ISO 19011 (see below) list many areas of knowledge and skill that auditors need.

The four Risks and Opportunities you need to be aware of:

When you address internal audit requirements with untrained audit program managers and/or untrained internal auditors, here are the significant risks you run ...

1. Auditing against Procedure alone is only half the job!

Historically, it has been common practice for CAB (external) Auditors to accept internal audit programmes based solely on auditing Procedures.  With the HLS, this practice has changed.  There are now several areas of MSS requirements where written procedures are unlikely to exist.

Here there is a need for solid evidence of these requirements having been audited (e.g. Context of the Organization, the needs and expectations of interested parties, Planning activities, adequate Support/Resource activities, etc.).  Internal auditors will need to produce credible Audit Programs and Audit Reports in these areas.

2. Unknown number on Non-compliances left to be found by External AuditorsISO Internal Auditor options

Untrained auditors will often walk past non-conformances (sometimes literally) and leave them to be found when next you have a CAB Audit.  These are surprises you can do without. Are Major Noncompliances going to cost your business its ISO Certification?

3. Unknown number on Non-compliances left to be found during Customer Audits

These same ‘missed’ non-conformances are there also when Customers and prospective Customers come to do a Supplier Audit of your operations.  How much business are you going to forego?  Will it cost you your job?

4. Opportunities for money-saving improvements missed

The occasion of an internal audit, where your auditors are interviewing staff members, is an ideal one on which to ask about: what needs improving? what should we be doing better? what changes would make like easier and work more efficient?

And this can be done without any extra cost with the information coming directly from those who do the actual work, and arguably best placed to suggest changes/improvements.

What the ISO Guidelines on Auditing say:

ISO 19011:2011, The Guidelines for Auditing Management Systems, in addressing auditor competence, sets out three areas where knowledge and skills are required, namely,

  1. Audit principles, procedures and techniques
  3. Management system and reference documents
  5. Applicable legal and other requirements that apply to the auditee to enable the auditor to work within, and be aware of, the organization’s legal and contractual requirements.


Relating to the first of these it states:

“Auditors should have knowledge and skills in the following areas:

a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different audits and ensure that audits are conducted in a consistent and systematic manner. An auditor should be able:
  • to apply audit principles, procedures, methods and techniques;
  • to plan and organize the work effectively;
  • to conduct the audit within the agreed time schedule;
  • to prioritize and focus on matters of significance;
  • to collect information through effective interviewing, listening, observing and reviewing documents, records and data;
  • to understand the appropriateness and consequences of using sampling techniques for auditing; 
  • to verify the accuracy of collected information;
  • to confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions;
  • to assess those factors that may affect the reliability of the audit findings and conclusions;
  • to use work documents to record audit activities;
  • to prepare audit reports;
  • to maintain the confidentiality and security of information; 
  • to communicate effectively, orally and in writing (including provisions for use of interpreters and translators);
  • to understand the types of risks associated with auditing.”


How well do your internal auditors match these requirements?

The Answer: Formal Training and a Development Program for your Auditors

For details of the ISO Auditor Online Training options we have available online, please visit our

Online Internal Auditor Training overview,

There are also more targeted options.


Choose an Internal Auditor Course


Related Articles


Note: This post was first published in Apr 2018; revised and updated in Jun 2021.

Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems

Subscribe to Email Updates


Recent Posts

Posts by Topic