External ISO Audits is a penultimate step on the path to ISO certification.

Here CG Business Consulting CEO, Caroline Geoghegan, shares her top tips for achieving audit gold.

Before your organisation can achieve ISO certification it must first go through an external audit. In this article, we walk you through all you need to know to make the final part of your certification journey as easy as ISO.

What Is ISO Certification?
ISO offers certification for myriad standards, including ISO 9001 Quality Management, ISO 14001 Environmental Management, and ISO 27001 Information Security Management. The route to ISO certification involves a mandatory external audit carried out by a qualified third-party auditor.

How long will my ISO certification last?
ISO certifications are valid for a three-year period.

What is an external ISO audit?
Conducted by an approved third-party auditor, the objective of this final milestone on the road to certification to any standard, including ISO 9001, is to assess the organisation’s compliance with the standard’s requirements.

During the audit process, the auditor will check to ensure that documentation meets prerequisites and that processes and procedures are being correctly followed. On completion, the auditor will present their findings before either issuing a certificate of compliance or making a series of recommendations for improvements.


CG Business Consulting CEO Caroline Geoghegan has helped more Irish businesses to achieve ISO certification than any other ISO consultant in Ireland. She shares her top tips for organisations hoping to obtain ISO certification without falling at the final fence…read below

Tip 1: Fail to Prepare, Prepare to Fail.

Whether internal or external, preparation is key in advance of any ISO audit. Practice makes perfect and each instance of an audit will help your organisation be better prepared for the next. I recommend working to a simple 5-point checklist:

  • Establish an Audit Schedule (and stick to it) – map out project milestones including a dedicated timeline for certification
  • Compile Audit Checklists to guide you through the audit process applicable to the ISO guidelines to which you are working
  • Set Objectives – and focus on them and them alone
  • Organise – People, Paper, and Place – ensure documents are in order and readily accessible, that relevant personnel are aware of their specific duties and make sure all workspaces are clutter-free
  • Conduct Internal Audits/Reviews – start as you mean to go on. Carrying out an internal review will give you the preparation and insight you need to achieve optimal results
    Remember, an ISO certification is a living management process and should be continuously updated and improved.

Remember, an ISO certification is a living management process and should be continuously updated and improved.


Tip 2: Give ALL Audits the Attention they Deserve

Whether internal or external, ISO audits are important for several reasons not least because they act as a barometer for compliance against the ISO requirements of the standard your organisation is certifying to.

Audit outcomes can identify operational and technical weak spots and as such, are a potential godsend for CIOs and COOs alike, whilst the audit process itself provides the ideal training ground for your employees.

Give them your full attention and leverage the resultant outputs to develop optimal risk management and service excellence strategies for your business.


Tip 3: Once is a mistake, twice is a Decision

Recommendations for corrective actions aren’t something to be ignored or filed under ‘to do’.

Once identified, remedial actions should be immediately implemented to ensure recurring issues and potential risks are mitigated. Whilst a single instance of non-conformity won’t bring down the house of cards, multiple issues can trigger a chain of events that will result in non-compliance and a subsequent delay in achieving certification.

Don’t be caught flat-footed. Plan – Do – Check – Act.


Tip 4: Schedule that Management Review

Get a date for that Management Review in the diary asap.  I don’t know how many times I’ve seen managers prepare for audits down to the minutest detail only to neglect to carry out a management review.

What is a Management Review? It’s a review of the end-to-end management system – be that a Quality Management System or a QEHS Management system – which should be carried out annually. A management review does what it says on the tin – senior management reviews customer feedback data, quality policies, non-compliance issues and recommendations for corrective action proposed and/or agreed on objectives, improvements, and changes to processes and procedures.

A thorough deep dive, the management review should be well documented and acted upon prior to any audit being scheduled to ensure all changes or corrective actions have been completed.


Tip 5: Set, Monitor, and Update Objectives

Once you have agreed on a clear set of objectives, it’s imperative that your team keeps track of their progress as well as their ongoing relevance to the organisation.  If an objective needs tweaking to align with changing business demands, then make those changes. An auditor will expect to see how you have tracked objectives and any required changes. It boils down to good housekeeping, kept simple.


Tip 6: Keep it Clean

It shouldn’t need to be said. Keep your house in order, your files clearly labelled and stored, workspaces and hot desks clutter-free, and relevant data and documentation readily accessible always. Everything in its place and a place for everything is key to a stress-free audit.


How long should I allow for preparation for the ISO certification audit?

Developing an ISO Management System takes time. Ideally, an organisation should allow themselves a minimum of 3-6 months to fully prepare for an external audit.

For more information on ISO certification or a full rundown on how to plan for an external audit, contact Caroline at [email protected] or give her a call on 01 – 620 4121.


David Whelan, Logistics / QEHS Manager Grundfos Ireland "We found the level of competency from the team to be of a very high level compared with other consultants. CGBC worked to get a very thorough understanding of our business, this made life easier for us and meant they could give us some very helpful advice."