Independent internal audits — delivered.

Three reasons typically. First, independence: ISO standards require that internal audits be conducted by people independent of the area being audited — for small companies, that means it's structurally hard to audit yourself. Second, expertise: internal audits done well require senior auditing judgment to find systemic issues (not just procedural deviations), and most small companies don't have a senior auditor on staff full-time. Third, headcount: even when internal staff could do it, the time cost during the cycle is large. We deliver the audit, satisfy your certification body, and free your team for the work only they can do.

We design an annual internal audit program covering the management-system scope and intervals required by your certification body (typically all clauses and all areas at least annually for the first cycle, with risk-based frequency thereafter). We deliver each audit on-site or remotely, produce auditor-grade findings reports, support corrective action closure, and prepare your management review with audit data. The full annual program is a single engagement with a defined schedule.

Both — and most clients use a hybrid. Documentation review and process audits work well remotely. Floor walks, equipment audits, and laboratory audits typically require on-site presence. We design the program around what makes sense for your scope and minimize travel cost while maintaining audit integrity.

We audit against any ISO management system standard we consult on — ISO 9001, ISO 14001, ISO 27001, ISO 45001, ISO 13485, ISO 17025. Integrated management systems combining multiple standards are common and we audit them as integrated systems rather than running separate audits.

Findings are documented in a structured report with severity classification (major non-conformity, minor non-conformity, observation, opportunity for improvement). Your team owns corrective action implementation — we don't fix your operations for you in an audit engagement. We do support the corrective action process: helping draft initial responses, reviewing root-cause analyses, and verifying effectiveness before audit closure. The combination of independent findings and owned remediation is what makes the audit credible.

Yes, when the engagement is structured properly. ISO standards require internal audits be conducted by competent auditors independent of the audited area. External consultants delivering internal audits satisfies both requirements clearly. Certification body assessors look for documented audit competence, defensible audit plans, and evidence of management engagement with findings — all of which we deliver. We've never had a certification body reject our internal audit work as the basis for an internal audit program.

Yes, when scope justifies it. Supplier quality audits, second-party audits of contractors, and supply-chain due-diligence audits are available as a separate engagement. We coordinate with your internal supplier quality program (if you have one) or deliver standalone audits when needed.

Cost scales with audit days, audit cycle frequency, number of sites, and number of standards in scope. Annual internal audit programs for typical SMB single-site clients are in the low to mid five figures per year; multi-site or multi-standard programs scale up from there. We don't publish rate cards; reach out and we'll walk through honest scope.