This section of the knowledge base covers internal auditing across ISO management systems - how organisations check their own management systems for themselves, find problems early and feed the answers back into improvement. Articles are written for the people who actually run internal audits day to day - quality managers, SHEQ leads, internal auditors and management system owners working under ISO 9001, ISO 14001, ISO 45001, ISO 27001, ISO 22301 and ISO 37001.
The cluster begins with the foundation - what internal auditing is, what the standards expect from ISO 9001 Clause 9.2 and the equivalent clauses in the other standards, and how findings link to the wider management system. From there the articles cover the audit programme and schedule, planning individual audits, auditor competence and independence, conducting audits in practice through document review, observation and interviews, writing up findings and audit reports, and following up with corrective action and verification under Clause 10.2.
Throughout the section, articles assume the management system is integrated rather than treated as a separate ISO compliance layer. A single audit of a process can cover the requirements of multiple ISO standards in one visit, and the same audit programme satisfies every relevant standard. Where individual standards add specific audit requirements (ISO 27001 Annex A controls, ISO 22301 exercising, sector-specific regulations), the articles flag the position clearly.
Each article includes a practical advice section pointing at the alphaZ documents that operationalise internal auditing - the ER11 audit schedule, the F-Q2 audit checklist, F-Q31 audit report template, internal audit training materials, the policy and guidance documents, and the process audit checklists for individual management system areas. Used together these turn the principles into a working audit programme that small and medium organisations can run with one or two trained auditors.
Internal audit is not a gotcha exercise. It is the organisation checking its own work to find problems before someone else does, and using what it finds to improve. Done well it is one of the most useful things in the management system. Done badly it becomes a paperwork exercise that nobody learns from.
The pattern that works is a single audit programme covering every standard the organisation is certified to, with auditors competent enough to be useful and independent enough to be credible. The articles in this section cover how to plan that programme, run individual audits and turn findings into action that actually changes things.
When auditing internal audit I look at three things. Was the programme actually delivered. Did findings get raised honestly, including against management decisions. Did corrective actions close the gaps and demonstrate the underlying issue. The articles in this section cover how to make all three answers yes.