A tradesman giving quality customer service

What is an ISO 9001 audit?

An ISO 9001 audit is an independent assessment of your quality management system (QMS) conducted by an accredited certification body to verify that your organisation meets the requirements of ISO 9001:2015, the international standard for quality management.

The full ISO 9001 auditing process covers an initial two-stage certification audit, annual surveillance audits, and a recertification audit every three years. Your team will run internal audits as an ongoing part of maintaining your QMS, which your external auditor reviews as part of the certification audit process.

The ISO 9001 certification audit process

The ISO 9001 audit process is more straightforward than many businesses expect. Here’s what happens at every stage, from initial documentation review through to recertification.

Woman participating in online ISO training

Stage 1: Documentation review

Stage one is a documentation review that takes place before your on-site Stage two audit is planned. Your Citation auditor checks whether your QMS has been properly designed to meet the requirements of ISO 9001 before the on-site assessment begins.

During Stage one, your auditor will review:

  • QMS scope, quality objectives, and strategic direction.
  • Key processes, documented information, and how external and internal factors have been identified.
  • How interested parties (customers, suppliers, and regulators) and their needs are addressed.
  • Management review, leadership involvement, and relevant regulatory requirements.

Stage one concludes with a written audit report. If there are gaps to address before Stage two, your auditor will explain exactly what’s needed and why.

Colleagues conducting a Gap Analysis

Stage 2: On-site certification assessment

Stage two is the main on-site certification assessment. Your Citation auditor visits your premises and verifies that your quality management system is operating effectively, checking that what’s documented reflects what’s actually happening across your organisation.

A Stage two audit follows a clear structure:

  • Opening meeting: scope, agenda, and audit plan confirmed with your team.
  • On-site interviews, process observation, review of records and audit reports.
  • Assessment of customer satisfaction, corrective actions, and continual improvement.
  • Closing meeting: findings and any nonconformities presented and explained.
Auditor surveying a warehouse

Annual surveillance audits

ISO 9001 certification is valid for three years. In year one and year two, Citation Group conducts annual surveillance audits to confirm your QMS continues to meet the standard and that continual improvement is being maintained.

Surveillance audits focus on:

  • Ongoing ISO 9001 compliance.
  • Progress on corrective actions from previous audits.
  • Evidence of continual improvement.
  • Any organisational changes affecting the QMS.
  • Customer satisfaction data and how it’s being acted on.
Woman implementing suggested changes after completing Gap Analysis

Recertification audit

A recertification audit is required every three years to maintain your certified status. It’s a full audit, similar in scope to your original Stage two, covering the entire three-year certification period. Many businesses are surprised by this, so it’s worth knowing upfront.

The good news is that if you’ve kept your QMS active and your surveillance audits have gone well, recertification is straightforward. We work with you to plan it well in advance, so there are no surprises, no last-minute scrambles.

An auditor excited about improving local businesses

What does an ISO 9001 auditor look for?

No surprises – just process. ISO 9001 auditors assess whether your QMS is genuinely embedded in how your organisation operates. Here’s what your auditor is looking for at every stage of the ISO audit:

  • Leadership commitment: Does senior management actively support the QMS, set strategic direction, and regularly review its performance?
  • Risk-based thinking: Are risks and opportunities systematically identified and addressed?
  • Customer focus: Are customer requirements understood, and is customer satisfaction actively monitored?
  • Regulatory compliance: Have relevant regulatory requirements been identified and met?
  • Corrective actions: Are root causes of problems identified and resolved, not just patched?
  • Continual improvement: Are key processes monitored, measured, and showing genuine evidence of improvement over time?
Get In Touch
business owner using efficient systems to manage her resources

What are the ISO 9001 internal audit requirements?

Internal audits are a mandatory requirement of ISO 9001:2015. You need to plan and carry these out regularly, checking your quality management system is working as intended and catching anything that needs fixing before your external auditor does.

Your external auditor will review your internal audit records, findings, and any corrective actions you’ve taken. A well-run program includes:

  • A planned schedule covering your key processes and management systems.
  • Clear identification of nonconformities, customer complaints, and opportunities for improvement.
  • Implementation of corrective actions, tracked to resolution.

Auditor training is worth investing in. The people running your internal audits need a solid understanding of ISO 9001:2015 and the ability to assess your processes without bias. Citation Group provides complimentary online training to help.

Customer service representative ready to help

Why Australian businesses choose Citation Group

We’ve helped over 3,500 Australian businesses achieve ISO certification. Here’s what you get when you work with us.

  • Locally based auditors who know your industry – no overseas call centres, no generic checklists.
  • JAS-ANZ accredited – certifications recognised internationally for tenders and procurement.
  • Named auditor assigned to your business throughout the process.
  • Plain English communication at every stage – no compliance jargon.
  • Second largest ISO certification provider in Australia, with 30+ years’ experience.
  • Complimentary online auditor training included to help your team prepare.
Get In Touch

Trusted by over 3,300 Australian businesses to solve their compliance challenges

Citation Certification logo
Majestic Services Group

Loved working with the auditors for our ISO Accreditation. They provided me with valuable feedback and observations that will certainly enhance the business. I felt very well supported during this process as it was my first audit experience.

Catherine Trembath, Office Manager

Citation Certification logo
Coral Homes

Thank you for working with us to obtain ISO 45001 Certification. The process was thorough, structured and efficient and the system enhancements we have made to achieve certification will benefit our company greatly.

The breadth of experience and technical expertise you brought to the process was invaluable and really appreciated by all the senior leadership team involved.

Geoff Idzikowski, HSEQ Manager

Citation Certification logo
AutoNexus

The collaborative relationship we’ve developed with Citation Certification has turned into a true partnership where our business needs are holistically understood and supported.

John Hemingway, Regional HSE Manager

Citation Certification logo
Cushman and Wakefield

The auditor that was assigned to us was fantastic. He explained what was expected and required before the audit commenced. And even during the audit process, when things were being identified or uncovered, we could work quite dynamically. He was really accommodating and professional, and really quite pragmatic in the recommendations for improvement, which we’ve taken on board.

James Logan, Operations Risk and Compliance Manager

Citation Certification logo
Swyftx

Our most recent audit cycle was one of the most positive experiences we’ve had since certifying to ISO/IEC 27001:2022, and the relaxed nature allowed us to engage in discourse that was open and honest about gaps and our plans to fix them.

Daniel van Driel, Risk and Governance Lead

Access our latest news and insights

What is the minimum wage in Australia?
Citation HR logo
Blogs

What is the minimum wage in Australia?

So, what is the National Minimum wage, who decides what it should be, and how...

2 June, 2026
The FWC has decided: minimum wage will increase by 4.75%
Citation HR logo Citation Legal logo
Blogs

The FWC has decided: minimum wage will increase by 4.75%

The Fair Work Commission’s Minimum Wage Panel has handed down its decision on the annual...

2 June, 2026
How to conduct a disciplinary meeting
Citation HR logo
Blogs

How to conduct a disciplinary meeting

Conducting a disciplinary meeting isn’t always a straightforward process even for the most experienced business...

1 June, 2026
HR questions often asked too late
Events

HR questions often asked too late

Every week, Citation’s advisory team takes calls from business owners navigating situations they didn’t see...

June 10, 2026 11:00 am
What are the key requirements of ISO 27001?
Citation Certification logo
Blogs

What are the key requirements of ISO 27001?

ISO 27001 is the internationally recognised standard for information security management systems (ISMS). 

27 May, 2026

Got burning questions? We’ve got answers.

An ISO 9001 audit typically takes one to two days on-site for a small to medium business, depending on your organisation’s size, number of sites, and the complexity of your QMS. Stage one is usually a few hours and can be conducted remotely.

Your Citation auditor will confirm the expected duration before you begin. If you’re still in the ISO 9001 implementation phase, they can also help you understand what to have in place before audit day arrives.

Nonconformities found during an ISO 9001 audit are classified as major or minor. Major nonconformities must be resolved before certification is issued. You’ll address minor nonconformities within an agreed timeframe after certification. Your Citation auditor will explain every finding clearly and guide you through what’s required.

Yes. Internal audits are a mandatory requirement of ISO 9001:2015. Your external auditor will review your internal audit records, findings, and corrective actions as part of the certification audit process. Citation Group provides complimentary online training to help your team develop internal auditing capability.

After initial certification, ISO 9001 requires annual surveillance audits in year one and year two of your three-year certification cycle. A full recertification audit is then required every three years to maintain your certified status.

In Australia, ISO 9001 certification companies should hold JAS-ANZ accreditation, the Joint Accreditation System of Australia and New Zealand. JAS-ANZ accreditation confirms the independent certification body meets international standards for competence and impartiality. Citation Group is JAS-ANZ accredited, making our certifications recognised nationally and internationally.

ISO 9001 certification cost in Australia typically depends on your organisation’s size, number of sites, and the complexity of your quality management system. Larger organisations with more complex QMS requirements will generally pay more due to longer audit durations. Visit our ISO 9001 certification pricing page or contact us for more information.