+31 (0)73 - 220 2000 | info@brandcompliance.com
Internal or external audit?

3 min. read

As a company it is important to assess and improve the performance of your management system. This is where auditing comes into play. There are two types of audits used to assess the effectiveness of a management system: internal audits and external audits. In this article, we take a closer look at the meaning of management system audits, the differences between internal and external audits, and what they have in common.

Audit meaning

First of all, let’s explain what an audit entails. 

Definition: an audit is a systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled (source: ISO 19011:2018).

Auditing is thus conducting an investigation into the compliance of an organization with audit criteria. The aim is to provide additional assurance to the auditee (the organization where the audit is performed) or to society. A management system audit focuses on the investigation of the design, existence and operation of a management system. The auditor who performs the audit records the results of the audit in an audit report. 

What does internal audit mean?

An internal audit is a so-called ‘first party’ audit. This is because the internal audit is performed by (or on behalf of) the organization itself, for management review and other internal purposes. Internal audits can form the basis for a self-declaration of conformity. The investigation is therefore carried out by internal auditors employed by the organization.

What is an external audit?

An external audit is a ‘second party’ or ‘third-party’ audit. These audits are performed by external auditors, independent of the organization. 

  • Second party audits are carried out by parties with an interest in the organization. This concerns an audit that is performed by an organization that acts in its own interest or on behalf of another. This is usually an investigation at a supplier, often at the request of a customer.
  • Third party audits are performed by external independent organizations such as a Certification Body. A third party audit can be performed under accreditation, which provides extra reliability. 

What are the differences?

Let’s consider the differences between an internal and an external audit: 

  • As we already described, an internal audit is usually performed by an employee of the company, while an external audit is performed by an independent (second or third) party.
  • An internal audit is more focused on improving the performance of the company, while an external audit is mainly focused on assessing the performance.
  • An internal audit results in an internal report. An external audit results in an external report where, if you meet the audit criteria, you receive a certificate that can be used to show this to the outside world.

Are there any similarities?

What the audits have in common is that both assess the effectiveness of a management system and whether the management system meets the requirements of a standard.

Questions?

If you have any questions after reading this article, please contact one of our account managers. They are happy to talk to you. 

Updated on 16 January 2024

Accreditation

Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701, NEN 7510 and ISO 9001 scope 33 information technology and 35 other services.
