In company operations—whether related to finances, internal systems, or other key processes—aligning with the standards set by the ISO is essential for maintaining efficiency and credibility. Engaging independent third-party assessors to conduct a comprehensive evaluation ensures that business processes meet globally recognized benchmarks. Because of this, global organizations such as private companies pursue ISO certification to demonstrate their commitment to quality, efficiency, and compliance with best practices.
In this article, we look at company audits of internal processes and systems, and the role that the International Standard Organization (ISO) plays in a successful audit.
The Role of the ISO in Your Audit Preparation
The ISO, which began in 1947, is an independent and non-government organization that creates international standards for companies to adhere to when designing and implementing their internal systems. To ensure that these standards take localized regulations into account, most countries (the Philippines included) have representatives in the ISO, helping it create the standards by which international companies are assessed.
For companies that wish to become ISO certified, ISO accredited certification bodies conduct an external audit, assessing your internal systems through your documentation, your risk assessments, your internal controls and your employees’ knowledge of your systems. Before this happens, most companies carry out a company-wide internal preparation that simulates an external audit, with their own quality assurance or management team acting as the auditors. This is what we call an internal audit.
Difference Between an ISO Certification Internal and External Audit
In essence, the internal and external audits are the same, since the internal audit is supposed to act as a simulation of an external audit. As said above, the main difference lies in the auditors.
For an external audit of your internal systems, representatives from ISO request your company’s internal documentation, including your standard operating procedures, business continuity procedures and the workflow processes of every department. This is submitted to them ahead of time, before they perform an audit check and interview your employees.
Once they have had the time to look into your internal systems and processes, they then interview your management team, department heads and random employees to assess whether your internal processes are followed based on the company set standards and in accordance with the requirements of the ISO. Once you’ve completed this part of the audit and you comply with their requirements and pass their standards, your company is then issued with an ISO 9001:2015 certification.
But what is the importance of becoming ISO certified?
The Importance of an ISO Certification
Obtaining ISO certification adds credibility to your organization and secures client trust. As an internationally acclaimed organization, the ISO sets a gold standard for internal systems that demonstrate your company’s commitment to quality and compliance. This helps strengthen partnerships with clients, assures them of your operational efficiency, and positions your company as a reliable and trustworthy partner in the market.
The Role You Play in Audit Preparation
As you prepare for your internal audit, everyone in the company has a role to play. From the start, management must make it clear that audit preparation efforts should be prioritized, so that teams are aligned in achieving a common goal: to receive ISO certification.
Management or Executives
The goal to become ISO certified first and foremost starts with management. Depending on the company’s growth over the years, they can determine whether or not it is time for the company to apply for ISO certification and trigger the necessary preparation for it.
Once preparations begin, all initiatives must come from management – ensuring that they provide all the necessary information, tools and resources that employees would need to be able to comply with the internal and external audit requirements. Management’s outlook during this preparation would set the tone for the entire company, encouraging employees to treat the audit with utmost importance.
Team Leads and Managers
Once management sets the tone for the audit preparation, it becomes the team leads’ and managers’ responsibility to pass all the information down to their teams, ensure that team members understand what is expected of them during the audit, and supervise the proper implementation of the department’s internal processes leading up to the audit date.
Aside from this, managers are also encouraged to take a proactive role in their employees’ preparation, giving their teams access to all the resources and training required for the audit and building a channel of communication wherein employees can approach them for help when needed.
Employees
Employees who work under different managers and departments now become the frontlines of the process. With the resources and information made available to them, it becomes their responsibility to use them: understanding and adhering to company standards and ensuring their daily work complies with those standards. During the audit proper, they must be able to demonstrate their knowledge of these processes to show auditors that they are in compliance.
Auditors
During an internal audit, your auditors would most likely come from your Quality Management or Internal Audit Team. For the audit preparation and audit proper, these employees must be as unbiased and objective as possible, acting as third-party investigators throughout. Their role is to thoroughly assess the company’s internal processes, identify areas of improvement, and provide actionable feedback. By simulating the external audit process, internal auditors help the company refine its systems and improve its chances of passing the external ISO audit.
What to Expect During the Internal Audit Proper
The internal audit is a critical step in preparing your company for the ISO certification process. We conduct internal audits to ensure compliance with our standards as a commitment to continuously improving our system while preparing the company for the external audit. Treating the internal audit with the same seriousness as the external audit ensures a smoother process and reduces the risk of non-compliance when the ISO auditors arrive.
Treating the Internal Audit Like the Real Thing
Employees must approach the internal audit with the same professionalism and preparation they would exert during an external audit done by the ISO.
During the audit proper, make sure you and your employees understand the purpose of the audit, are prepared for the interviews and have all the necessary documentation formatted according to ISO standards. Treat the internal audit as an opportunity to identify potential issues, address them proactively, and build confidence in your company’s systems even before an external audit – ensuring that findings are positive once the real thing comes.
The Interview Process
Once your company’s documents and processes are submitted to your internal auditors, interviews for every department head and random members of every department come next.
During this phase, employees are selected at random for interviews that simulate the external audit process. They must demonstrate their knowledge of the internal processes applicable to their daily duties and responsibilities, as well as the company values and procedures that act as the overarching objectives of all departments.
Employees should:
- Familiarize themselves with standard operating procedures (SOPs) relevant to their roles.
- Be prepared to explain how they carry out daily tasks in compliance with company policies.
- Answer questions honestly and confidently, providing examples of how they follow established processes.
Auditors may ask questions like:
- “Can you walk us through the steps you take to complete a specific task?”
- “What resources or tools do you use to ensure compliance with company policies?”
- “How do you respond to unexpected issues or challenges in your role?”
The goal of these interviews is to assess whether employees understand and follow the processes outlined in the company’s documentation.
Reviewing Documentation
During the internal audit, auditors will also thoroughly review the company’s documentation. This includes:
- Standard operating procedures (SOPs).
- Business continuity plans (BCPs).
- Workflow processes for each department.
- Records of employee training and development.
- Regulatory compliance documents.
It is important to ensure that all your documents are up to date, accurate and easily accessible to those essential to the process and/or document. Employees responsible for maintaining these records should work closely with auditors to provide any additional information or clarification needed.
Timeline and Schedule
The internal audit process typically follows a structured timeline to ensure all areas of the company are thoroughly assessed. A typical schedule may include:
- Pre-Audit Planning: Setting objectives, selecting auditors, and preparing the audit plan.
- Opening Meeting: Introducing the audit team, discussing the scope and objectives of the audit, and answering any initial questions.
- Audit Execution: Conducting interviews, reviewing documentation, and assessing internal systems and processes.
- Closing Meeting: Summarizing preliminary findings and providing an opportunity for clarification or additional input.
The entire process may take several days to weeks, depending on the size of the company and the complexity of its systems.
Post-Audit Actions: What Comes Next?
Once the internal audit is complete, the company must take the findings seriously and address any areas of non-compliance or improvement. This phase is essential for ensuring readiness for the external ISO audit and demonstrating a commitment to continuous improvement.
Receiving the Audit Findings
After the closing meeting, the internal audit team will provide a detailed report of their findings. This report typically includes:
- A summary of the audit process and scope.
- Identified strengths and areas of compliance.
- Non-conformities or gaps in the internal systems.
- Recommendations for improvement.
It is important for management to review this report carefully and prioritize addressing the findings.
Addressing Non-Conformities
If the internal audit identifies non-conformities, the company will be given a timeline to reconcile these issues. Common examples of non-conformities include:
- Inconsistent implementation of SOPs across departments.
- Outdated or incomplete documentation.
- Gaps in employee training or knowledge.
To address these issues, the company should:
- Assign responsibilities to specific team members or departments.
- Develop an action plan with clear deadlines and milestones.
- Monitor progress regularly and provide support to ensure timely resolution.
Implementing Corrective Actions
Corrective actions are measures taken to eliminate the root cause of non-conformities and prevent them from recurring. These actions may involve:
- Revising SOPs to clarify procedures.
- Conducting additional employee training sessions.
- Updating documentation to reflect current practices.
- Implementing new tools or systems to improve efficiency and compliance.
Management should oversee the implementation of corrective actions and provide regular updates to the team. This helps maintain transparency and accountability throughout the process.
Preparing for the External Audit
Once all non-conformities have been addressed and corrective actions implemented, the company can begin preparing for the external ISO audit. This involves:
- Conducting a final review of documentation and processes.
- Scheduling mock interviews to ensure employees are confident and prepared.
- Verifying that all corrective actions have been successfully implemented.
The internal audit findings should serve as a guide for these preparations, ensuring that the company is fully ready to meet ISO standards.
The Bottom Line
As your company prepares for an external audit, it is important to note that the internal audit process is not merely a one-time preparation but an ongoing testament to your company’s commitment to quality and excellence.
Once you pass the external audit and receive ISO certification, continue to conduct regular internal audits. These trigger updates to outdated processes, systems and training, which helps your company’s internal controls remain evergreen, ensuring compliance with ISO standards at all times and building a culture of continuous improvement and innovation for management and employees overall.
This article has been written in collaboration with Aly Tagamolila, a content specialist at D&V Philippines.