Internal Audit for ISO 17025

Internal audits of its activity to verify that its operations continue to comply with the requirements of the quality system and ISO/IEC 17025.

Internal audit ensures that quality system fulfils the requirements of ISO /IEC 17025, accreditation relevant specific criteria document and regulatory bodies. The Audit also ensures whether or not the requirements of the laboratory quality manual and related documents are applied at all levels of work. The non-conformities found during the internal audit give valuable information for the improvements of the laboratory’s quality system and technical competence, which is to be used as a input to management reviews.

Quality managers manage internal audits.They verify conformance to the ISO/IEC 17025 requirements and also to company policies,processes and procedures.Internal audits are also quite useful in preparation for external audits. External auditors can come from clients or from accreditation bodies. They verify that the laboratory is operating in compliance with ISO/IEC 17025.

There should be procedures for staff responsibilities before, during, and after internal and external audits. Overall owners should be defined, and all employees who may be affected by the audit should be trained. This chapter summarizes recommendations for audits. To make best use of internal audits, they should be designed, executed, and followed up very much in the same way as expected external audits. The recommendations for audit preparation, performance, documentation, and follow-up are written for the audited departments, not for the auditors.

Internal Audit Schedule

Internal auditing should follow a predetermined schedule covering all activities over a reasonable period of time. It is inconvenient to audit all activities in a single audit, so it should be spread over several quarterly or monthly audits. The schedule for such audits is conveniently drawn as a matrix covering, for example, a year in which dates are set for each part of the quality system. Audit schedules can be organized as horizontal or vertical. A vertical audit checks compliance of, for example, a single test through all steps from sampling to archiving of records. A horizontal audit examines every aspect of a single requirement, for example, equipment.

Audit Phases

Internal audit activities are spread over different phases which included preparation, conduct, close and follow-up. Typical steps for each phase are listed below:


  • Assign an overall owner and host for the audit
  • Assign a technical contact to get access to and review the completeness of records and other documentation for items to be audited. The assigned technical contact should be present all the time.
  • Set up a work area for the inspectors.
  • Review the schedule.
  • Prepare and train staff.
  • An audit may be a tough experience for all people involved, so everyone needs to be informed about what will happen and what questions may be asked.


  • Maintain a continuous log of the audit.
  • Provide copies (do not give originals away).
  • Keep duplicates of all information supplied to auditors.
  • Take immediate corrective action, when appropriate.
  • Hold a daily debriefing meeting to assess the progress.
  • Keep all documents in the work area.
  • Accompany the auditor at all times.
  • Be courteous and cooperative.
  • Answer only questions that are asked.
  • If you are unable to answer, tell the auditor openly.
  • Protect proprietary information.


  • Clarify any open questions or causes for dissatisfaction in the exit meeting


  • Develop a corrective action plan (owners, tasks, deliverables, and schedule).
  • Develop a preventive action plan (owners, tasks, deliverables, and schedule).
  • Monitor the plan