
What can I expect on the day of an internal audit?

This article gives a general overview of an internal audit.

What is an internal audit?

An annual internal audit is a prerequisite to many certifications including ISO 27001, ISO 9001, ISO 14001 and ISO 42001.

If you have an internal audit included in your Adoptech subscription, it will be organised with you before your Stage 2 audit for new certifications and before your surveillance audit in follow-up years.

The internal audit is great preparation for your external audit, both as a dress rehearsal (so you know what to expect format-wise) and as a gap analysis of your readiness.

How long is an internal audit?

The internal audit is typically one day but will depend on the range of certifications being covered and the size/complexity of the company. The Adoptech team will organise this with you.

What will the internal audit cover?

Typically an internal audit will cover all clauses and controls. The auditor will expect you to:

  1. be familiar with the requirements of the standard (working through the Requirements workflow will prepare you for this).
  2. be able to explain how you meet the requirements of the standard (understanding your policies, registers and control compliance procedures).
  3. have evidence that you meet the requirements; for anything not evidenced through the Adoptech portal, you will need to ensure that you have access to the evidence or that the person who can provide it is included in the audit, for example confidentiality clauses in contracts or background checks.

How does it work on the day?

Most internal audits are remote and scheduled for between 9:30 and 16:30 UTC to allow sufficient time for the auditor to cover all areas and view the required evidence (note this could vary due to the number of standards being audited and the size/complexity of the company).

The auditors that work with Adoptech are all familiar with the platform; this saves a lot of time and makes the audit more efficient, as they will usually not require someone to sit with them for the full audit.

The audit starts with an opening call where the auditor will run through their plan for the day and identify the areas they would like to cover that will require someone from your company to be available. Depending on the clause/control, this could range from senior management (leadership clause) and IT (technical controls) to HR (people controls).

Who should be available for the internal audit?

To get the maximum benefit from the internal audit, you should ensure that anyone involved in the implementation of the standard, or anyone who can provide evidence (e.g. HR), is available on the day.

This will be the same for the external audit.