An independent internal audit before your surveillance audit finds the gaps before your certification body does. We audit your system, give you a clear findings report, and help you close anything out before the auditor arrives.
An internal audit is a requirement of every ISO management system standard - ISO 9001, ISO 45001, ISO 14001, ISO 27001, and integrated HSEQ systems. It is a structured review of your management system to check that it is being implemented as documented, meets the requirements of the standard, and is effectively maintained.
Internal audits must be conducted at planned intervals - typically annually. The results must be reported to management and any non-conformances must be addressed through your corrective action process. Evidence that internal audits have been completed is one of the first things a certification body auditor will check at your surveillance or recertification audit.
The standard requires that the internal audit process is objective and impartial. Auditors cannot audit their own work. For small and medium businesses without a dedicated compliance function, this creates a practical challenge - the same person who manages the system cannot audit it.
Some situations are planned. Others are urgent. We handle both.
Your annual surveillance audit is 4 to 8 weeks away and your internal audit has not been done. This is the most common reason businesses call us. We can turn around an internal audit quickly.
Your last internal audit was more than 12 months ago. Your certification body will flag this immediately. Getting it done now protects your certification.
You want your internal audit conducted professionally each year without the hassle of doing it yourself. We become your outsourced internal audit function.
You are approaching your Stage 1 or Stage 2 audit and want to check your system is genuinely ready before the certification body does.
In your business, the person responsible for quality cannot audit their own work. You need an independent auditor to satisfy the standard's requirements.
Your management system has not been maintained properly and you want an honest assessment of where it stands before your next external audit.
A complete, professional internal audit package - formatted for you, your certification body and actionable by your team.
Covers every clause of your ISO standard. Findings categorised as conformances, observations, and nonconformances. Formatted for your certification body.
For every nonconformance raised, a clear corrective action with root cause analysis, required action, and target completion date.
Observations and opportunities for improvement beyond mandatory requirements - practical suggestions your team can act on.
We walk through findings with the relevant people in your business so everyone understands what was found and what needs to happen next.
“The businesses that sail through their surveillance audits are the ones that take their internal audits seriously. They find their own nonconformances, fix them, and arrive with evidence of a functioning improvement cycle. That is exactly what auditors want to see”
Straightforward from first contact to final report. Most small business audits are completed in one day.
We confirm your standard, business size, and timeline. Fixed price agreed before we start.
We review your management system documentation before the on-site or remote audit day.
In person or remotely. We interview staff, review records, and check processes against the standard.
Full written report with corrective action plan delivered within 5 business days. Debrief included.
Help you with corrective action or implementation of improvements
Independence the standard requires ISO management system standards require that internal audits are conducted impartially. If the person who built and manages your system is also conducting the audit, that independence is compromised. Certification body auditors are trained to spot this - and they will note it.
Using an external auditor removes the conflict entirely. Your internal audit is conducted by someone with no stake in the outcome other than finding what needs to be found.
We know what certification body auditors look for Our consultants have worked across implementation, auditing, and management systems extensively. We know the areas where certification body auditors focus their attention during surveillance audits. We know the findings that come up repeatedly across ISO 9001, ISO 45001, ISO 27001, and HSEQ systems. We find those things before the auditor does.
That is not the same as coaching you to hide problems. It means that by the time your surveillance audit arrives, the gaps have been identified, corrective actions have been raised, and your system can demonstrate that it responds to findings - which is exactly what the standard requires.
A clear report, not a document dump After the audit, you receive a findings report that tells you plainly what was found, how it is classified - major non-conformance, minor non-conformance, or observation - and what needs to be done before your surveillance audit. No jargon, no padding. A clear list of what requires action and by when.
You stay focused on your business Preparing for and conducting an internal audit takes time - time that most business owners and managers do not have spare. We handle the audit process from planning through to the findings report. You review the report, action what needs to be actioned, and go into your surveillance audit prepared.
We conduct internal audits against ISO 9001:2015 for businesses across construction, manufacturing, professional services, and government supply chains. We focus on the areas certification body auditors consistently examine - customer feedback processes, nonconforming output management, objectives tracking, and management review records.
We conduct internal audits against ISO 27001:2022 for technology companies, managed service providers, professional services firms, and government suppliers. We review the risk assessment currency, statement of applicability, access control evidence, incident records, supplier security arrangements, and the controls selected in your risk treatment plan.
For businesses running an integrated ISO 9001, ISO 45001, and ISO 14001 system, we conduct a single combined internal audit that covers all three standards. This is more efficient than three separate audits and produces a single findings report covering the full system.
Many others too....including ISO45001, ISO14001, ISO17021, ISO17025, ISO31000, ISO37301 to name a few. If you are looking for an internal audit of an ISO system ComplyOn has got you covered
We don't do vague retainers. We do specific, scoped work with clear outcomes so you know what you're getting before we start.
Service 01
Full ISO implementation - we build it with you
We work alongside your team to build an ISO management system from scratch. Clear plans, right-sized controls, support through the audit so your team keeps working while we handle the heavy lifting.
This is right for you if: You need certification to win a contract or meet a customer requirement - and want experts guiding every step.
Service 02
Maintenance, audits and system recovery
Already certified but struggling to maintain it? We help businesses whose systems have drifted get back on track, and put in place the habits to stay there without ongoing consultant dependency.
This is right for you if: Your surveillance audit is approaching, your internal audit is overdue, or your system hasn't been touched in months.
Internal audit is one of the most commonly searched ISO services - and one of the things businesses most often let slip. We conduct ISO internal audits as a standalone engagement, with a full written report and corrective action plan. Works for any ISO standard.
Start with a free consultation. We'll tell you exactly what's involved, how long it takes, and what it costs - before you commit to anything.
Request a quoteinfo@complyon.com.au · Australia-wide · In person or remote
Get certified. Stay certified.
ISO 9001, ISO 45001, ISO 14001, ISO 27001, and HSEQ. Fixed price consulting for Australian businesses.
© 2026 ComplyOn.
