Although the Standard ISO 9001 doesn’t stipulate the frequency, it leaves it open to being held at ‘planned intervals’. According to QA-Z Systems Coaching , the wording of this suggests there is planning involved and that there must be a way of determining how frequent those intervals must be. It is presumed that each process is to be audited internally at least once a year prior to the surveillance audit.
It is a fairly straight forward process to conduct the planning stage of internal audits.
Establish an ‘Internal Audit Planner’. This lists each process individually and assigns responsibility to a trained auditor. Remember the Internal Auditor must be independent of the process being audited. So if the Internal Auditor is one of the employees working within operational or supporting processes, someone independent must assess the work that the auditor usually undertakes.
Consider the results of any previous inspections or audits on each process before determining an initial frequency. If there were a low number of nonconformities then set a relevant frequency less often than areas of high nonconformity. Determine the importance of each process. Question: If this process were out of control - how would it affect the meeting of customer requirements and the safety and security of workers and the company itself?
There are no rules on frequency. Some processes may need to be audited weekly or monthly while others only annually.
Once a planner is established, create a schedule of audits. It may be useful to display or make this available to managers of departments involved. Make changes to the planner and subsequent schedule as often as required. The Internal Auditor or Management Team should be encouraged to review the frequency of a process if found inadequate or unreasonable and make a recommendation following internal auditing of each process. Remember to keep the ‘Internal Audit Schedule’ up-to-date and each copy dated or containing a revision number.
Use internal auditing function as an effective internal measure of how compliant the organization is and aim to ensure all processes are functioning well before the annual external audit.