Updated May 2026 for ISO 19011:2026.
Internal Audits can provide a valuable insight in to the performance and effectiveness of your management system, and are a mandatory requirement under Annex SL Clause 9.2.
However, not all internal audits are conducted equally and you can find a vast difference in quality from one auditor to another.
So how can you ensure that the ISO Consultants you use, or the internal auditors in your company are conducting audits to the expected standard?
ISO 19011:2026 Guidelines for Auditing Management Systems
Believe it or not there is an ISO standard that details how to Audit Standards!
At Assent, we’ve used the guidance from ISO 19011 for many years to ensure that we provide industry leading, evidence based audits and the best assurance services for our clients.
All our support packages involving internal audits reference ISO 19011, and we build our audit programmes around that standard.
Internal Audit Programmes – Look Outside the Audit!
ISO 19011 doesn’t just cover the audit itself but sets out requirements for managing the entire audit programme, including determining the objectives of your audit, selecting the right audit team, sampling techniques and reporting findings.
It offers plenty of flexibility to ensure the audit programme meets the intended objectives, and provides a clear arrangement between the auditee and auditor.
The 2026 version also introduced expanded audit programme inputs including more context, climate change, technology, risks & opportunities.
At Assent we already provided carbon data related to each of our audits within the audit report. Read more:
- How do we Calculate Carbon Emissions from our Audits?
- Assent Calculates Carbon Emissions per Audit, includes data on Client Reports
Remote Internal Audits
As business has evolved, many organisations are utilising remote auditing to reduce the carbon footprint of their internal audit programme, save time and minimise disruption on their businesses.
Where appropriate, Assent are also utilising remote internal auditing via technologies such as video calls, screen sharing, access to client systems and documents.
However, some standards and clauses are not effectively audited remotely and a site visit may be required as part of a blended-hybrid internal audit or a fully onsite audit.
This is all covered in the audit planning activities where we will take a risk-based approach to the audit programme.
ISO 19011:2026 introduced additional guidance on remote auditing, which we also follow.
Using an External-Internal Auditor
Many of our clients ask us to run their internal audit programme because it provides them with an impartial evaluation of compliance against ISO Standards and the company’s own policies and procedures. It also eases pressures on their internal resources.
We work with clients to sample, test and evidence activities, reporting back with objective evidence that can then be used to find an effective corrective action.
There’s no shame in highlighting weaknesses via an internal audit and often it can prevent the same issues occurring at external audits which could compromise your ISO Certification.
We’re On Your Side
Although our auditors remain impartial through out the process, we are on your side.
We can get to know your business in greater depth which helps us to understand when a problem is (or isn’t) occurring and work with you to drive continual improvement and organisational resilience.
Talk to us about an ISO 19011 compliant Internal Audit Programme, ISO Consultancy or our other Services.
