Do we have to cover all of the elements (ISO 9001 and 14001) annually when we audit our processes and procedures?
If yes or no, why so?
Thanks very much for your question.
Both ISO 9001:2008 and ISO 14001:2004 contain specific requirements related to internal audits of the management system(s), including that the organization shall “conduct internal audits at planned intervals” (8.2.2 and 4.5.5 respectively). This is generally accepted to be at least once per year, meaning that all of the elements should be covered annually as part of your internal audit program.
That internal audit program can be organized and scheduled in a number of ways. The majority of smaller organizations carry out one activity that covers all processes in a single audit over a couple of days. For larger organizations (perhaps with multiple locations) internal audit programs are often broken into a number of individual audits…each of which covers certain processes and/or locations. Still, over the course of the full audit program the organization must cover all processes of their management system and all of the general requirements of the standard on which it is based.
In addition to these audits, both ISO 9001:2008 and ISO 14001:2004 contain requirements for management review (5.6 and 4.6 respectively). These reviews are also expected to occur annually, and included in the inputs to these reviews should be the results of internal audits…along with corrective and preventive action, customer feedback, and more. Many organizations coordinate the timing of internal audit programs and management reviews so that they are able to consider relevant information in a timely manner.
I hope this helps to answer your question with some supporting background. We are happy to help with any follow-up questions this might inspire!
- Ted Annis, President, The Business Resource Centre