Internal Audit Procedures

Updated 27.01.2026

A document forming part of the Immercial IMS.

Contact us

15. Internal Audit Procedure

Document Name: Internal Audit Procedure
Version: 1.0
Approved by: Directors, Immercial Limited
Review Frequency: Annual or upon material change

15.1 Purpose

This procedure defines how Immercial Limited plans, conducts, records, and reviews internal audits to confirm the effectiveness and continued suitability of the Integrated Management System (IMS).

It supports compliance with:

  • ISO 9001 (internal audit requirements)

  • ISO 27001 (monitoring and review requirements)

15.2 Scope

Internal audits apply to:

  • The Integrated Management System

  • Quality management controls

  • Information security controls

  • Supporting processes, records, and evidence

Audits are proportionate to the size, complexity, and risk profile of a micro-company consultancy.

15.3 Audit Programme

  • Internal audits are conducted at least once per year.

  • Additional audits may be conducted where significant changes, incidents, or risks arise.

  • The audit programme considers service delivery, information security, and governance priorities.

15.4 Auditor Independence

  • Audits are conducted by personnel with sufficient understanding of the IMS.

  • Where full independence is not possible due to company size, objectivity is maintained through structured checklists and evidence-based review.

  • External support may be used where justified, but is not mandatory.

15.5 Audit Method

Internal audits involve:

  • Review of relevant documents and records

  • Sampling of operational evidence

  • Confirmation that processes are followed as described

  • Identification of non-conformities or improvement opportunities

Audits focus on effectiveness, not formality.

15.6 Audit Findings

Audit outcomes are recorded as:

  • Conformities

  • Observations

  • Non-conformities (where applicable)

Findings are documented clearly and objectively.

15.7 Corrective Actions

  • Non-conformities or improvement opportunities are recorded in the Corrective & Preventive Action Log.

  • Actions are assigned, tracked, and reviewed for effectiveness.

  • Actions are proportionate to risk and impact.

15.8 Records & Evidence

Internal audit records include:

  • Audit scope and date

  • Areas reviewed

  • Findings

  • Actions identified

Records are retained in accordance with the Document & Record Control Procedure.

15.9 Review & Improvement

The internal audit process is reviewed as part of management review to ensure it remains effective and appropriate.

Immercial Limited