Conducting meaningful internal audits

By Kelly Huckabone

November 2018

Many audit and quality managers have different perspectives on how to conduct annual internal audits. Mine has always been to ensure they are meaningful, and as much as possible, not impact operations. This can be a difficult task if the right balance is not struck.

Internal audits, although a requirement for most quality systems, should not feel like they are being done just because they need to be done. They should be viewed as a value add and a way to address major gaps and identify opportunities before they become a real issue to operations.

Unity™ Lab Services takes a bold approach to internal auditing. We have a volunteer team of more than 15 auditors who have been trained on the ISO 9001:215 Standard and we use a high-level process checklist to audit. We use the departments’ overarching SOP (Standard Operating Procedure) as a guide to identify the most common and repeatable processes (usually two to three) to review. We prepare questions based on the processes and interview employees.

This year we held a workshop utilizing a “teach and try” method for new auditors. We paired less experienced auditors with lead auditors, classified findings as a team, and drafted the reports. We streamlined our reports down to four pages to make them simplified for our auditees. We also prepared an informational sheet for each auditee to guide them through what they need to do once a report is received.

Within Unity Lab Services, we operate as a virtual organization with many remote and field employees. We decided to conduct 50% of the internal audits remotely (using WebEx). It took a focused approach to plan this remote audit working with department managers to identify key stakeholders and ensure the technology properly functioned. We remotely performed 13 successful internal audits.

Next year, we have an even bolder goal. We want to increase the number of internal audits by 75% and also adopt a risk-based approach. For key processes that have a significant impact to our customers we will audit annually but we are considering auditing smaller background processes every two to three years.

Download a PDF of this article



About the author

Kelly Huckabone is the North American Audit Program Manager who oversees the Unity™ Lab Services internal and external customer and supplier audit programs. Kelly is a certified risk manager, lead auditor with the American Society for Quality (ASQ), and has been conducting audits for over 25 years for different quality systems, including ISO 9001, 13485, and 17025, as well as Health Canada and the FDA.

Contact me at if you have any questions.