Q:"Our current registrar left some here with the impression that our internal auditors needed to be certified as ISO auditors. However, it is my understanding that they need only be certified to perform internal audits and be certified by our company to do so. What does ISO 9001 require in terms of internal auditor training and competence?"

Chuck Richardson of Performance Quality Systems, Inc. (www.performancequalitysystems.com): "I believe your current understanding is correct. Your internal auditors do not have to be certified by an outside organization. Rather your company must define the qualifications that your internal auditors must meet. Then your company must train your prospective internal auditors so they meet the qualifications, hire someone who already meets the qualifications, or subcontract the internal audits to a qualified person. Your company must also verify that whatever actions you take to provide competent internal auditors are effective."

Praveen Gupta of Accelper Consulting (www.accelper.com):"In order to perform effective internal audits, one must be able to assess compliance and effectiveness to planned arrangements, which are normally documented in procedure. For one to become a good internal auditor, the auditor must be familiar with the quality sytem, requirements of the ISO 9001 standard, and trained in performing internal audits. Once qualified, the auditor must be independent of the process or function being auditer to ensure objectivity. Records of the auditor qualifications must be maintained. Specific requirements for an internal auditor are given in ISO 19011: Guidelines for Quality/Environmental Management System Auditing. Accordingly, organizations establish education, knowledge and skills required to perform internal audits. Ultimately, they must have enough education to gain knowledge of the quality system, and skilled enough to perform various aspects of internal audits."

Andy Foss of Foss Quality Services (www.fossqs.com): "ISO 9001 requires that internal auditors be competent, but it does not specify how that competence is determined. Auditor certification or internal approval are both acceptable approaches. A third party auditor is required to determine the effectiveness of the internal audit system at each visit, and this will reflect internal auditor competence to some extent. Are audits process based? Do the audits find value-added feedback for management? If not, auditor competence will be in question. Good auditors will be able to identify opportunities to improve, not just point our procedural gaps."

Michael Dougherty of DBS Quality Management International (www.dbsqualitymgmt.com): "Internal auditors do not have to be certified. However, they should be trained to enable them to audit the ISO 9000 quality management system with sufficient competency to ensure it is being maintained and/or correctly developed. The ISO Standard in section 6.1 requires resources to implement and maintain the quality management system; section 6.2.1 requires personnel shall be competent; and section 8.2.2 requires internal audits to be conducted to determine whether the quality management system is being effectively implemented and maintained. These specific clause of the Standard sets the requirement for internal auditor to be trained to the standard. How the company does that is their choice. As a registrar auditor I would look for training records to give evidence that the intenal auditors are trained to the ISO Standard that they are responsible to assess whether it is being implemented and maintained."