
How to conduct an internal audit

Conducting internal audits is an important part of maintaining and improving a management system. Through an internal audit, your organization assesses whether processes are carried out as intended and whether the management system meets the requirements of the applicable standard and the organization’s own arrangements.

But how do you conduct an internal audit? What should you consider, and which steps are important? In this article, we explain how an internal audit of a management system can be prepared, conducted, reported and followed up.

Guidance for internal audits

The ISO 19011 standard provides guidance for auditing management systems. It covers, among other things, the principles of auditing, managing an audit programme, conducting audits and evaluating the competence of auditors.

ISO 19011 can be used as practical support when planning and conducting internal audits. The guidance is applicable to organizations that need to conduct internal audits of management systems or manage an audit programme.

Conducting an internal audit

An internal audit requires a structured approach. This allows your organization to assess whether the management system is functioning effectively and whether processes meet the requirements of the standard, internal policies and internal procedures.

Below are the key steps for conducting an internal audit.

1. Preparation

Start by defining the audit objective, the audit scope and the audit criteria. Determine which part of the management system will be assessed, which processes will be reviewed and which documents, records or requirements are relevant. Then plan the audit activities and inform the employees involved in good time. Proper preparation contributes to an efficient audit.

2. Document review

Review the relevant management system documentation in advance. This may include policies, procedures, work instructions, records, objectives, performance indicators and previous audit results. This document review helps the internal auditor understand the processes and conduct the audit in a more focused way.

3. Conducting the audit

During the audit, the internal auditor collects audit evidence. This can be done by conducting interviews, reviewing documents and records, and making observations within the organization. The auditor assesses whether processes are carried out in accordance with the requirements and whether the management system has been effectively implemented. Findings should be based on objective audit evidence.

4. Findings and analysis

After the audit activities have been completed, the auditor analyses the information collected. The findings are evaluated against the audit criteria. This may result in confirmations of conformity, points of attention, opportunities for improvement or nonconformities. A nonconformity means that a requirement from the standard, the management system or the organization’s own arrangements has not been fulfilled.

5. Reporting

Record the results of the internal audit in an audit report. The report should describe, among other things, the audit objective, audit scope, audit criteria, audit method, findings and conclusions. Communicate the report to the relevant stakeholders, including top management. The results of internal audits often also provide input for the management review.

6. Follow-up

When nonconformities or other issues have been identified, management determines which corrective actions are needed. It should then be checked whether these actions have been implemented and are effective. Follow-up of internal audit findings is important for improving the management system and preventing recurrence of nonconformities.

Internal audit as preparation for certification

An internal audit is also an important step in preparing for a certification audit. During a certification audit, an independent auditor assesses whether the management system meets the requirements of the standard.

Do you have your first certification audit soon? A well-conducted internal audit can help identify potential points of attention in advance. You can also consult our certification checklist for more steps in preparing for certification.

Internal or external audit?

Internal audits and external audits both assess aspects of a management system, but they have a different role and purpose. If you want to understand the difference, read our article about internal and external audits.

Conclusion

Conducting an internal audit requires careful preparation, execution, reporting and follow-up. By applying a structured approach, your organization gains insight into the performance of its management system and potential areas for improvement.

Also review the internal audit requirements in the management system standard that applies to your organization. In many management system standards, these requirements are included in clause 9.

Updated on 3 July 2026

Accreditation

RvA C548: Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701, NEN 7510 and ISO 9001 technical area 33 information technology and 35 other services.

This page was translated from: Dutch