Internal or external audit?
As a company it is important to assess and improve the performance of your management system. This is where auditing comes into play. There are two types of audits used to assess the effectiveness of a management system: internal audits and external audits. In this article, we take a closer look at the meaning of management system audits, the differences between internal and external audits, and what they have in common.
Audit meaning #
First of all, let’s explain what an audit entails.
Definition: an audit is a systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled (source ISO 19011:2018).
Auditing is thus conducting an investigation into the compliance of an organization with audit criteria. The aim is to provide additional assurance to the auditee (the organization where the audit is performed) or to society. A management system audit focuses on the investigation of the design, existence and operation of a management system. The auditor who performs the audit records the results of the audit in an audit report.
What does internal audit mean? #
An internal audit is a so-called ‘first party’ audit. This is because the internal audit is performed by (or on behalf) of the organization itself, for management review and other internal purposes. Internal audits can form the basis for a self-declaration of conformity. The investigation is therefore carried out by internal auditors employed by the organization.
What is an external audit? #
An external audit is a ‘second party’ or ‘third-party’ audit. These audits are performed by external auditors, independent of the organization.
- Second party audits are carried out by parties with an interest in the organization. This concerns an audit that is performed by an organization that acts in its own interest or on behalf of another. This is usually an investigation at a supplier, often at the request of a customer.
- Third party audits are performed by external independent organizations such as a Certification Body. A third party audit can be performed under accreditation, which provides extra reliability.
What are the differences? #
Let’s consider the differences between an internal and an external audit:
- As we already described, an internal audit is usually performed by an employee of the company, while an external audit is performed by an independent (second or third) party.
- An internal audit is more focused on improving
the performance of the company while an external audit is mainly focused on assessing the performance.
- An internal audit results in an internal report. An external audit results in an external report where, if you meet the audit criteria, you receive a certificate that can be used to show this to the outside world.
Are there any similarities? #
What the audits have in common is that in both cases the effectiveness of a management system is assessed and whether the management system meets the requirements of a standard.
If you have any questions after reading this article, please contact one of our account managers. They are happy to talk to you.