Typically, there are two types of International Organization for Standardization (ISO) audits: internal and external. Some professionals add another audit, the supplier audit, to the list. The basic purpose of audits and ISO certification is to improve the business through standardization and controlled processes. A business may conduct each type of audit in a different manner, but the resulting purpose is to improve the business. Generally, businesses enlist outside sources, such as consultants, specialized software, or other media, to guide them through the complicated ISO audit process.
There are several types of ISO certifications, and administrators often customize the audits to help a business obtain a specific certification. Additionally, there are specialized audits. An example of a specialized audit is the ISO 15489, which concentrates on a business's record management. This audit typically provides an agenda for setting up and executing a records management system.
The main purpose of the internal ISO audit is to prepare for the external audit. On-site ISO auditors generally conduct the internal ISO audits, whereas an independent company conducts the external audit. Either vendors or customers of the company perform the supplier audits. Many companies prefer to do business with companies that are ISO certified, and by auditing their vendors or customers, they are assured that the other company is upholding the proper standards. An internal audit within a company can highlight problems that may endanger the ISO certification or registration.
Some audits reveal intentional unethical or unsafe practices, but usually the violations result from simple human error. Most businesses discover these minor non-compliances during their internal audits and correct them before the external audit. This is one of the values of the internal audit. Another advantage of performing internal audits is that it helps a company develop a good auditing system.
There are many resources for a business to establish a good auditing system. Several business experts have written books and other media sources on developing ISO audit systems. Many of them offer seminars or workshops, at either an off-site location or on-site at the business facility. Other sources are consultation companies and software programs. Some of the tools that these sources offer include checklists and training programs for employees.
Some experts believe that the ISO audit process has four steps. They stress that it is important to complete the basic preparation phases before conducting the audit, either internal or external. These steps include researching the requirements for the ISO certification and gauging the scope of the project; preparation, including creating audit documents like checklists; and writing the reports necessary for ISO certification and other obligations, such as vendor or customer requirements.
ISO is a global association, and a company needs to perform audits at each facility, regardless of its location. For example, a business in the United States that has satellite facilities in Argentina, India, and the Ukraine needs to have an ISO audit system set up in each facility. The ISO organization certifies auditors who perform external audits at companies in various countries. The organization may also certify auditors in specific fields, such as auditors of food equipment, bottled water facilities, and drinking water device manufacturers.