Skip to main content

Understanding Internal Audits And Management Review Meetings

Quality management exercises have changed a lot in the last 20 years. In this blog post we discuss how internal audits (IA) and management review meetings (MRM) can help your organisation stay ISO 9001 compliant.

The Internal Audit

How are high-powered executives similar to high school students? They both hate tests.

Just mention the word audit to people in management and watch as they start eyeing the nearest exit. Despite the bad rap, audits help you uncover areas in your work process that need attention and present practical ways to improve them.

More specifically, internal audits are an opportunity for self-inspection and testing, giving your organisation a much-needed reality check since this is an exercise that is based strictly on the evidence collected.

An internal audit is typically split into two parts, examining the key and support processes underlying your business.

Auditing key processes

The first part of an internal audit focuses on the key processes, in other words, the core business of your company.

In this part of the audit, we’d take a close look at orders or projects that the company handled recently and review them through their entire lifecycle, which includes these four basic stages:

  1. The client makes initial contact with the company
  2. The company understands the client’s requirements
  3. The service or product is fully delivered
  4. The client is satisfied with the quality of service or product received

Auditing support processes

The second part of an internal audit examines support processes, which include everything that helps you put your key processes into action, maintain them, and improve them.

When auditing support processes, STEP typically looks at the following six areas in an organisation:

Human resources

At this stage of an internal audit, we draw up an organisation chart that lists the people working in the company, their roles and relationships. By writing detailed job descriptions using the information from an employee file or provided first-hand by team members themselves, we can prepare a training plan that nurtures growing edges and start logging accurate training records.


An inventory of the equipment used by staff to carry out their work shouldn’t just list the tools they use, but also how they use them and their degree of sophistication with them. This information can also be used to create a maintenance plan and a system that keeps records of previous maintenance done.

External providers

Despite being called an internal audit, we turn our focus outwards and list all the third parties your organisation depends on to carry out its day-to-day operations. This list would include:

  • Providers
  • Suppliers
  • Subcontractors

Again, we take it a step further and use this list as a basis to begin evaluating the quality of the product or service they offer you.

Customer feedback

We discussed different ways to obtain customer feedback in another blog post. During an internal audit, we test the methods that your organisation uses to collect feedback and measure satisfaction among customers. This helps us understand whether the data is being collected reliably, and how well the conclusions drawn from it are being disseminated throughout the team and put into practice.

Nonconformities & Quality objectives

As an internal audit starts peeling the layers off your organisation, some issues will inevitably be brought to light.

An internal audit does not seek to judge an organisation’s performance based on the number or seriousness of these issues, it simply lists them as nonconformities and proposes a number of actions that may be taken to resolve them.

Quality objectives, on the other hand, are a list of goals that management has set for the organisation. An internal audit will simply describe the current status of quality objectives, whether they have been achieved or not.

We wrote a detailed explanation on how to choose measurable quality objectives for your company.

The Management Review Meeting (MRM)

The management review is an exercise that is very similar to the internal audit since it reviews the same topics listed above.

The key difference between MRM and internal audit is that while the latter focuses on discussing the respective topics and identifying actions for improvement, an MRM isn’t as action-oriented and it aims mainly to increase awareness in management of shortcomings within the company.


An external audit is a significant challenge for any company; your reputation and business outlook hinges on everything going smoothly.

Thanks to internal audits and MRMs, you can uncover latent issues in your workflow processes and take steps to resolve them proactively. These procedures ensure your organisation keeps performing at peak business fitness levels, and that it passes external audits and inspections with flying colours.

Let's talk ISO

Fyll i detta formulär så kontaktar vi dig snart


    Drop your details below and we’ll be in touch


      Drop your details below and we’ll be in touch


        Sign up to our newsletter

        Receive information about the latest ISO standards, best practices, quality and information security & management tips.