What to Expect from an ISO Audit

We’ve split the auditing process down into three key phases so you can understand what to expect throughout the journey.

Phase One: Before the Audit – Preparation is Key

The success of any audit starts well before the auditor walks through the door. Pre-audit preparation is all about readiness — understanding the requirements of your chosen ISO standard, ensuring your documentation is up to date, and confirming that processes are being followed in practice.

Key actions in this phase include:

• Conducting an internal audit to check your system in advance
• Reviewing your documented procedures, policies, and records
• Ensuring employees are aware of their roles in the management system
• Addressing any previous non-conformities or gaps

As your ISO consultants, we help organisations carry out mock audits, review documentation, and coach teams to be fully audit-ready.

Phase Two: During the Audit – What to Expect

On audit day (or days, depending on the scope), an external auditor — usually from a UKAS-accredited certification body or a consultancy such as Blackmores — will assess whether your management system meets the requirements of your chosen ISO standard(s). This is the section which can seem daunting or scary. But don’t worry; if you’re working with us and have followed our guidance, then you have nothing to feel nervous about.

Here’s what to expect from an ISO audit:

• Opening Meeting – The auditor will introduce themselves, outline the audit plan, and confirm the scope.
• Document and Record Review – Your procedures, policies, and evidence of compliance will be reviewed.
• Process Observation and Staff Interviews – The auditor may visit different departments, observe operations, and ask staff about their roles and responsibilities.
• Objective Findings – The auditor will assess conformity, non-conformities, and potential improvement areas.
• Closing Meeting – The auditor will summarise the findings and explain the next steps.

This phase is all about transparency and collaboration. The auditor isn’t there to “catch you out” — they want to see your system working and will offer professional, constructive feedback.

Phase Three: After the Audit – What Comes Next?

Once the audit is complete, you’ll receive an official audit report outlining the auditor’s findings. This may include:

• Conformities – Where your system meets requirements
• Observations – Notes on areas where improvement may be beneficial
• Non-Conformities – Gaps in compliance that need to be addressed

You’ll usually be given a period to respond to any non-conformities with a corrective action plan. If these audits were a part of your Assessment for certification (or a Surveillance Audit for continued certification), you will be granted certification once any major issues are resolved.

We work closely with clients post-audit to help implement corrective actions, advise on continuous improvement, and ensure long-term compliance.

Need help responding to audit findings? Get in touch – it’s never too late to invest in ISO consultancy.

There are several types of ISO audits, each serving a different purpose:

Internal Audits

Conducted by or on behalf of the organisation to assess internal compliance and readiness. These are a mandatory part of maintaining your ISO management system. We can be onsite with you and help you conduct these throughout your certification.

External (Third-Party) Audits

Carried out by an independent certification body to assess conformance to the ISO standard. These determine whether you receive or maintain certification. Again, we can be onsite when you are being assessed. We can also help you organise these with a verified certification body.

Surveillance Audits

Conducted annually (typically for two years) between certification and re-certification audits to ensure your system is being maintained.

Re-Certification Audits

A full audit conducted every three years to renew your ISO certification. It’s important to keep on top of these to ensure your certificate is up to date. Contact us if you are nearing the end of your validation and would like some support moving forward.

Supplier Audits

Performed on third-party suppliers to verify that they meet your standards and requirements. If you are a supplier, you could also be audited as part of your client-supplier audit. Again, if you require support, please let us know.

Each audit type plays a vital role in supporting a culture of quality, accountability, and continuous improvement.

If you have any type of audit on the horizon and you need some support, please contact our team today.

Audits aren’t just about compliance — they’re about improvement. Regular auditing helps you:

• Uncover inefficiencies
• Reinforce best practices
• Identify risks and opportunities
• Enhance customer confidence
• Drive continuous improvement

They’re an essential tool for organisations that are serious about quality, safety, security, and sustainability.

Use this checklist to ensure your organisation is audit-ready:

• All required documentation is up to date and controlled
• Previous non-conformities have been addressed
• Internal audits have been conducted and documented
• Management review has been completed
• Employees are aware of their roles and responsibilities
• Objectives and KPIs are being monitored and met
• Evidence of continual improvement is available
• Corrective actions are recorded and followed through

This simple list can help you stay ahead of the curve and demonstrate the strength of your management system at any time.

If you need a personalised ISO audit checklist for your business, reach out, and we’ll create one tailored to your needs.