Internal Quality Auditing Services

In most cases, internal quality audits are primarily performed to satisfy the requirements of a QMS standard (e.g., ISO 9001, AS 9100, ISO 17025). And, as per the generic definition provided in ISO 9000:2015, "Fundamentals and vocabulary", these can be limited to simply identifying areas that are conforming along with any areas that are nonconforming.

ISO 9000:2015, sec. 3.13.1
audit
systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

Greater benefits from internal quality audits can be realized through utilizing a “contracted” internal auditor who also performs third-party audits for CBs (Certification Bodies). This approach provides valuable insight as to:

• “how” the CBs are interpreting the standard
• “how” their auditors expect to see the requirements implemented, and
• what types of questions the CB auditors will be asking.

In addition to being more familiar with the QMS standards, “contracted” internal auditors who also perform third-party audits for CBs are often “up-to-date” with knowing and understanding the “official” interpretations for that standard. For example:

• Official ISO 9001:2015 Interpretations from ISO TC/176/SC2
• IAQG "Official" AS 9100:2016 Series Clarifications

Further, a “good” contracted auditor, who is familiar with ISO 17021-1 (defining the requirements for “how” CBs operate) can show your company ways in which to justify the interpretations it has adopted, in order to prevent the receipt of invalid nonconformities from the CB's auditor.

The “true” purpose of any robust QMS is to identify and implement controls to identify and eliminate, or mitigate, risks to consistently fulfilling customer requirements and any established expectations (commitments) relating to the provision of products and/or services.

While not adopted by ISO, a “better” (more accurate) definition of an internal QMS audit is:

A structured investigative process for determining, through objective evidence, the adequacy and effectiveness of the controls implemented to eliminate or mitigate, risks to consistently fulfilling customer requirements and any established expectations (commitments) relating to the provision of products and/or services.

Although the word “risk” does not appear in ISO 9001/AS9100. sec. 9.2, “Internal Audit”, internal auditing can also be an effective tool for identifying quality-related risks; which present opportunities for improvement through implementing “risk controls” to eliminate or mitigate risks.

Certification Bodies (CBs) are placing greater emphasis on companies performing “risk-based internal audits“.

Randall can also assist companies in developing and implementing “risk-based” internal audit programs. There are many different types of audits that can be performed in order to better facilitate a robust “risk-based” internal audit program.

During his 25+ year career, Richard Randall has performed internal audits for micro-companies (as small as two people working from a residential home) up to mid-sized companies (50-250 employees) in the commercial (e.g., ISO 9001, Gafta), laboratory (e.g., calibration, testing, analysis) and Aerospace and Defense Industries (i.e., AS 9100 & AS9120).

Richard Randall is a Probitas Authentication certified AS 9100:2016 (Rev. D) Aerospace Auditor (listed in the Aerospace IAQG OASIS database). Probitas Authentication "AS9100 Aerospace Auditor" certificate.