Management systems such as ISO 9001, ISO 14001 and OHSAS 18001, require that internal audits are scheduled at planned intervals; they do not established a specific frequency nor do they establish that all processes need to have a yearly internal audit.
Organizations need to establish a frequency that is right for them. They decide if the audits will be performed monthly, quarterly, twice a year or once a year. However, there are some criteria that should be considered before defining a frequency that adjusts to an organization’s context and needs. These are:
- Crucial or high risk processes should be audited on a more frequent basis, perhaps quarterly or twice a year.
- Low risk processes can be audited just once a year or every other year.
Maturity of the processes.
- Well established processes that run efficiently can be audited once a year or every other year.
- New developed processes should be audited quarterly until they are stable.
Past experience.
- Processes that have a history of frequent deficiencies or non-conformities, can be audited quarterly or twice a year.
- Processes with troubles achieving targets and objectives can also be audited quarterly or twice a year.
There are other factors that can influence the frequency of auditing, such as:
- An organization’s budget for the execution of internal audits.
- Regulatory or customers’ requirements.
Another important fact is that there is no need to audit every process all at once, from past experiences, it is more suitable to spread out the internal audits throughout the year auditing different processes at different times; auditing many processes all at once can be exhausting and process deficiencies or areas for improvements may be overseen.
As mentioned above, most standards do not require that all process be audited every year; nonetheless, that is a common practice in many organizations. There are even some organizations, with mature and well-establish management systems, which schedule their audits over a three year time plan. Every organization needs to take a close look at each of their processes, their management systems and other applicable requirements in order to establish a rational schedule that fits their needs and that is right for them.
