ISO Auditing: How can you take your business to the ‘Next Level’?

Organisations that use ISO Management Systems enjoy many advantages. Even if you don’t plan to go for ISO certification, your business can extract great value from an internal audit, which can give top management a realistic view of how likely they are to meet objectives.

There are so many reasons to think about audit as a partner in your management operations, so let’s dive into the world of ISO audits and discover the benefits.

Learn more about the Risk-based Auditing Approach! Download our FREE guide Risk-Based Approach to Auditing an ISO Management System.


An ISO audit can apply to an entire organisation or it may be applied to a specific function, process or production step. Some audits serve an administrative purpose, such as auditing documents, risk or performance or following up on completed corrective actions.

The formal definition of an ISO audit is found in the ISO standard, Guidelines for Auditing Management Systems Standards, which defines it as:

“the systematic, independent and documented process for obtaining audit evidence (records, statements of fact or other information which are relevant and verifiable) and evaluating it objectively to determine the extent to which the audit criteria (a set of policies, procedures or requirements) are fulfilled.” ISO 19011:2018 – Guidelines for Auditing Management Systems.


There are three main types of ISO audits:

  • First-party (internal)
  • Second-party (external / supplier)
  • Third-party (certification)

First-party Audit

An Internal Audit is conducted on a process or set of processes to ensure they meet the organisation’s internal requirements and is used for evaluating the effectiveness of the Management System. The value of the Internal Audit is that it takes a critical look at your company and how it operates and improves the effectiveness of risk management, control and governance processes.

Second-party Audit

A Second-party or Supplier Audit is valuable for strengthening a company’s supply chain and verifying that suppliers meet or exceed predetermined requirements. A Supplier Audit can prevent quality, environmental or health and safety issues from reaching your customers.

Third-party Audit

A Third-party or Compliance audit is carried out by a Certification Body (CB) and evaluates whether the Management System meets the requirements of a specific ISO standard. If successful, the Third-party Audit will provide the organisation with a certification of conformity with the given standard.

The ISO 19011:2018 standard stipulates that a third-party Auditor must acquire the necessary knowledge and skills to be employed by a CB and pledge to abide by a code of ethical conduct in the performance of an audit. ISO certification confers numerous benefits such as increasing your organisation’s credibility and enabling you to secure business.

Surveillance Audit

These audits are held in years one and two after initial certification and in years one and two following each recertification. The audit is conducted by a Certification Body.

Recertification Audit

These audits are held every three years with a Certified Body performing the audit. The goal is to continue to demonstrate management’s commitment to and ongoing improvement of the Management System to ensure its effectiveness.


Knowledge of the ISO standard(s) and conducting effective interviews are essential parts of the Internal Auditor’s job. Unskilled auditors will collect little useful information and their interview questions are likely to elicit predictable answers which are of no value. So ensure that your Internal Auditors are properly trained.

Our ISO Auditor Training courses are an efficient way of doing this: View our public Auditor Training courses here or Sign Up for an Online Learning Course here.


Audits are aimed at enhancing productivity, detecting problems at an early stage and ensuring that policy and objectives are being followed by everyone in the organisation. Below is a roundup of the benefits offered by auditing your ISO Management System:

  • Audits help us to analyse the compliance of our process with respect to the set ISO standards.
  • Audits aid us in identifying our strengths and weaknesses, which are necessary for us to tackle the various opportunities and threats in our industry.
  • We are able to assess and identify the areas for improvement of our efficiency.
  • Audits help us to identify deviations from our objectives and goals and provide us with the opportunity to correct them.
  • Above all, audits help to bring in positive changes in departments by correcting the nonconformities observed and preventing them from recurring.


Are your Internal Auditors adequately trained to sufficiently audit ISO Management Systems?

Risk ZA’s focus is to conduct audits according to the new ISO 19011:2018 standard’s requirements which focus on a Risk-based Approach during the audit process.


Risk ZA assists businesses in Southern Africa to make excellence a habit. We are experts in delivering a cost-effective route to ISO certification and make sure that ISO Management Systems work for you through our ISO Training, Auditing of Management Systems and our Consulting Services.

For more information about our wide range of training and consulting services, please contact our expert team on +27 (0) 31 569 5900, email
