Internal audit
Plain-language summary
Audit your own system at planned intervals: does it meet your requirements and the standard's, and is it effectively implemented — with objective auditors, defined criteria, results to management, corrections without delay, and records.
What the clause is really asking
Conduct internal audits at planned intervals; plan the programme considering importance, changes and previous results; define criteria/scope per audit; select auditors ensuring objectivity and impartiality (no one audits their own work); report to relevant management; correct and take corrective action without undue delay; retain programme and result records.
What auditors look for
Auditors audit your audit programme: risk-based planning (problem areas audited more?), full coverage over the cycle, auditor independence, finding quality (real findings or polite ticks?), and the speed/closure of resulting actions. A programme that never finds anything draws suspicion, not praise.
Typical evidence
Audit programme/schedule with rationale; audit plans and reports; auditor independence evidence; finding and corrective action records with closure.
How to comply — recommendations
Schedule by risk, not by calendar convenience: double frequency on processes with complaints or changes. Cross-audit between departments for independence. Track finding closure age as a KPI — an audit system is judged by what happens after the report.
Common nonconformities
Same areas audited annually regardless of performance; auditors auditing their own department; findings open for months; audits producing nothing but 'opportunities'.
Related clauses
IATF 16949: extended by 9.2.2.1-9.2.2.4; auditor competence IATF 7.2.3; ISO 19011 guidance
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of ISO 9001 / IATF 16949 for the authoritative text.