What questions to expect on the ISO 9001 certification audit

After you have created and implemented a Quality Management System (QMS) using the ISO 9001:2015 standard requirements, you will need to have a third-party certification body perform a certification audit to declare that your QMS is in compliance with the standard. This is the only way that you can claim compliance with the standard and gain the benefits that come from advertising that you have a QMS.

This can be a nervous time for the employees of a company, especially if they have never been audited by people from outside of your company before. Even those who have become comfortable with internal audits can be nervous of outside auditors. So, what will the auditors ask when they come into your company for the first certification audit?

For more information on understanding an ISO auditor, check out this Infographic: The brain of an ISO auditor – What to expect at a certification audit.

What will the auditor ask?

There are many ways that an auditor will try to find the answers to their questions, including review of records, observing employees, and interviewing employees. While it is not possible to record every question that might be asked, it is helpful to know the main questions they are trying to answer and some ways they might query the information:


  1. Is every clause in the standard addressed? While most of this is answered in the documentation audit (when the auditors look at the documented procedures that your company has and compare them to the standard to make sure that each meets the requirements of ISO 9001), some procedures are not documented. When this happens, the auditors will try to find out how these undocumented processes are done in order to compare them to the requirements. They may ask questions like: “Tell me how this process is done,” “Show me how you do this process,” or some other demonstration like this. This will give them the information needed to verify that the process you are doing meets the ISO 9001 requirements.
  2. Are the processes consistent? While some minor variations between operators may be acceptable, such as the order that a form is completed in, the outcomes of the process need to be consistent in order for it to be effective. If an auditor watches three purchasing employees create a purchase order and each uses a different set of steps to accomplish the task, and the outcomes of the purchasing process are very different such that errors could be made, then it may be determined that the inconsistent process is problematic.
  3. Have all processes been reviewed? After seeing that all necessary processes and procedures are in place, the external auditors will want to make sure that you have done your job and started the process of reviewing your QMS – this is called the internal audit process. The auditors will ask to see the internal audit schedule and evidence that internal audits were completed, check that internal audit records such as audit reports are in place, and make sure that findings were issued, addressed, and followed up.
  4. Have you implemented corrective actions where needed? Part of addressing any findings from the internal audits, or other findings of systemic non-conformances, is the corrective action process. How has this process been implemented? Are your corrective actions done in a timely fashion? How well do you verify that your corrective actions have been effective to prevent the recurrence of a problem? Expect that you will need to go through several of your closed corrective actions to show this.
  5. How have you implemented risk-based thinking? As a new focus of the ISO 9001:2015 version, this is certain to be an area of questioning by certification auditors. How have you started to include risk assessment into all the areas needed, such as contract acceptance and design? How have you adapted the old preventive action process for addressing risk?
  6. Has management review of the system been completed? Another area of third-party auditor concern focuses around how well your senior management are involved in reviewing the outcomes of the QMS in order to address any needs, such as assignment of resources to address deficiencies. Expect your management review to be scrutinized, and be able to show the results of the review. Were resources assigned because of the review? Was everything reviewed? Were problem areas a focus of the review?
  7. How have you prepared for improvement? One of the main focuses of the QMS is continual improvement, and this needs to be planned for. Although you may not have a lot of improvement tasks completed, the auditors will expect that you have plans in place to do so. What improvement do you expect to happen? What are your quality objectives, and how well are you tracking them for improvement? Can you identify where you expect improvement to be accomplished?

Make the certification audit easier by preparing your employees

It is important to remember that auditors are trying to verify compliance, not to find something wrong. In general, the auditor just wants people during the audit to give the information they know without making something up, and if they need to look up a particular piece of information, that is acceptable. In the end, the auditor just wants to be able to demonstrate that what was planned to be done was done.

We are all nervous of the unknown, and this is especially true of employees who think that they may be in trouble by giving the wrong answer to a question in an audit that they can’t even prepare for. Let your employees know what the auditors might ask, and the information they are trying to access, and it will be much easier to respond on the day of the audit. This is the best preparation you can do.

To better prepare for implementing ISO 9001:2015, find out more about the basics with this online  ISO 9001:2015 Foundations Course.

Advisera Mark Hammar
Author
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.