Internal audit
The most important questions about internal audits
In order to have your organization certified for a Harmonization of Accreditation in Healthcare (HKZ) or an ISO standard, it will be necessary to conduct an internal audit. This involves checking whether your organization is working in compliance with the agreed rules and regulations and assessing your internal processes and working methods. In this blog, we answer the most important questions surrounding internal audits.
What is an internal audit?
In an internal audit, you examine the proper and reliable functioning of business processes in your organization. By performing an internal audit, you identify opportunities, risks and areas for improvement. You can then use the insights gained from this
audit
to improve your business processes.
Why is an internal audit important?
The main reason for conducting an audit is usually to obtain a specific HKZ or ISO standard. Internal audits are an essential part of the certification process. You cannot comply with these standards without an internal audit. The results of an internal audit may also be used as input for an external audit. Organizations such as DEKRA can conduct an external audit for you. For example, we can test your management systems or the safety or effectiveness of your internal organization.
What does an internal audit entail?
To conduct an internal audit of management systems for HKZ and ISO standards, you must follow ISO 19011 guidelines. As the internal auditor, you will have to ask yourself a carefully considered selection of questions related to compliance, efficiency and efficacy in order to clarify the what, how and why for your organization.
- 1. What do we do as an organization?
Check whether your organization complies with internal regulations (compliance).
- 2. How do we do it?
Examine whether your company’s internal regulations are the best way of achieving its goals and whether any improvements could be made.
- 3. Why do we do it?
Check whether the tested processes help you to achieve the envisaged purpose and whether this process contributes to your organization’s goals (efficacy).
When conducting an internal audit, organizations often forget to ask the ‘why’ question. But asking why will give the internal audit a strategic added value that will effectively help your organization to move forward.
What is the difference between an external and internal audit?
An internal audit is conducted by employees of your own organization to check processes for internal compliance, identify areas for improvement and manage risks. The focus is on continuous improvement and preparation for external audits.
An
external audit,
on the other hand, is conducted by an independent, external party (such as DEKRA) to check the organization's compliance with legal requirements or certification standards, such as ISO standards. These audits are often formal in nature and lead to certification or compliance reports. Both types of audits are essential for quality management and risk reduction.
What can be regarded as an internal audit?
Several audits can be seen as internal audits and others not. An overview of the various audits can be seen below.
- Internal checks (e.g. dossier inspections)
- Disaster analysis
- Random checks
- Tracers
- Regular internal audits (held as discussions)