Management System Audits

Find out more about the different types of audits

Man working at office desk with tablet and coffee

What is an Audit?

An audit is a tool used to review a process or function to determine if it is fit for purpose. Audits examine and compare a process against the documented version of it to determine if it still meets its aims and goals. In this way, they are great simulators for change and growth within a business as they can highlight potential areas for improvement.

There are a number of different types of audit when it comes to ISO Certification and Management System Standards all of which can be broadly categorised as:

Human hand holding pen and checklist, selective focus

Internal Audits

These are performed by the business on their own systems as part of the maintenance of their Management System. They look at individual systems and processes, looking to confirm that they are still fit for purpose.

For smaller businesses, or those struggling to prepare for an External Audit, it is possible for a third party to visit and carry out the Internal Audits on their behalf.

Men looking at laptop

Supplier Audits

These are performed on the systems and processes of any suppliers or contractors that an organisation works with. They look at how the suppliers are working to determine if they are doing what they say they are.

Although usually supplier audits are carried out by the business, it is acceptable for a third party to visit and carry out these audits on their behalf.

Construction surveyors looking up to building

External Audits

To ensure impartiality, these are performed by a nominated external third party at various intervals throughout the year, before and in addition to the external ISO certification audit that’s performed by your ISO certification provider.

The third party will either look at the management system in part, through random sampling or as a whole. The objective is to establish whether the management system still meets the requirements of the ISO Standard and provide your business with guidance on ways to make improvements. By doing this you can have greater confidence in the effectiveness of your system and increase the likelihood of passing the external ISO certification audit performed by your selected ISO certification provider first time.

ISO Certification Audit / Stage 2 Audit

A Certification or Stage 2 Audit is an in-depth look at a Management System, the purpose of which is to assess whether the business has put in place all of the processes and procedures that they need to meet the requirements of their chosen ISO Standard.

Following the success of this type of audit, and the confirmation of its results, certification is awarded.

This type of audit only happens once for each Standard a business is certified to. After this, the certification cycle begins.

Recertification Audit

A Recertification Audit is performed at the start of a certification cycle. Its purpose is to ensure that a business has been maintaining its Management System correctly and that all documented procedures comply with the ISO Standard.

This type of audit is in-depth and will look at all documented processes.

Businesses looking to maintain their certification must sit Recertification Audit as it is a requirement that certified bodies such as Citation ISO Certification ensure the ongoing compliance of a certified organisation against strict guidelines.

Surveillance Audit

A Surveillance Audit is an onsite periodic review, usually performed once a year, of an organisation’s Management System.

This audit forms an important part of the certification cycle, ensuring that the certified business maintains compliance with the requirements of the Standard – confirmed by their Recertification Audit at the beginning of the next cycle.

Typically a Surveillance Audit focuses on a few sections of the Management System, aiming to cover the entire Management System by the end of the certification cycle.

Remote Audit

A Remote Audit is an off-site Surveillance Audit – a periodic review of an organisation’s Management System, usually performed once a year. The audit is conducted using email and other resources to view and audit the necessary documentation.

As with the on-site version, a Remote Audit focuses on a few sections of the Management System, acting as one part of a plan to cover the entire Management System by the end of the certification cycle.

This type of audit isn’t appropriate for all businesses but for those who qualify it can be a more convenient option than an on-site Surveillance Audit.

Compliance Audit

Businesses who have a Management System, but no agreement for on-going audit support, may wish to confirm that their system is compliant with ISO Standards.

This is where the Compliance Audit comes in. This in-depth check of a Management System compares it against the ISO Standard, ensuring that it meets all of the requirements.

This type of audit isn’t appropriate for all businesses but for those who already have their Management System prepared, and the correct processes in place, it can be a convenient and affordable option.

How to get the most out of External Audits


QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only