Last Updated on September 24, 2025 by Melissa Lazaro

Conducting ISO 15189 2022 Internal Audits

Let’s be real—most labs see internal audits as a chore. A box to tick. Something you squeeze in a few days before your external audit and hope it satisfies the requirement.

But in my experience helping labs across Asia, the Middle East, and Europe prepare for ISO 15189 accreditation, internal audits are where the real progress happens. If you do them right, they’ll uncover issues before the external auditor ever steps through your door—and they’ll help you build a quality system that actually works, not just looks good on paper.

Here’s the problem: the 2022 update to ISO 15189 raised the bar. Now it’s not enough to skim through SOPs and file a quick report. You’ve got to think risk. Think performance. And most importantly, think purpose.

If you’re a quality manager, lab director, or just someone responsible for keeping your lab audit-ready year-round, this guide is for you. I’ll walk you through the same internal audit strategies I teach my clients—ones that actually improve performance, reduce findings, and get real results.

Let’s break it down together. Here’s how to run ISO 15189:2022 internal audits that are structured, smart, and actually useful.

Understand What’s Changed in ISO 15189:2022 (And Why It Affects Your Audit)

Here’s what I’ve noticed—some labs jumped straight into auditing without really reading the 2022 revision. And that’s where things start falling apart. You can’t audit against a standard you haven’t fully unpacked.

So what’s actually different?

ISO 15189:2022 shifts the focus. It’s no longer just about checking whether SOPs exist or if forms are filled out. Now it’s about proving your lab’s performance, risk awareness, and system thinking. Auditors want to see that you’re not just compliant—but in control.

Here’s what matters most from an internal audit perspective:

• Risk-based thinking is no longer optional.
  You’re expected to consider risk at every level—from sample collection to reporting. Internal audits should reflect that.

• Performance metrics now tie into audit effectiveness.
  Are you measuring what matters? Turnaround time, error rates, staff competency—these should feed into your audit plan and findings.

• Process-based auditing is front and center.
  The standard encourages looking at workflows, not just individual clauses. It’s about understanding how your lab actually functions across departments.

A real example from the field:

One of my clients—a mid-sized private hospital lab—was still using their old ISO 15189:2012 checklist for audits. They weren’t asking about risk. They weren’t reviewing performance data. And when the external audit came? The assessor picked up on it within the first hour. We had to scramble to update their approach before the next surveillance visit.

Lesson learned? Update your audit mindset before you update your audit forms.

Build a Risk-Based Internal Audit Plan

If you’re still scheduling audits just to “cover all departments once a year,” it’s time for a serious update. The 2022 version of ISO 15189 pushes labs to think strategically about their audit planning—not just for coverage, but for impact.

Here’s how to do it right:

• Start with risk.
  Ask yourself: where are things most likely to go wrong? Where would a small mistake have the biggest impact on patient care? Those are your audit priorities. Think specimen transport, result reporting, equipment maintenance—not just admin policies.

• Use your past data.
  Pull out your last few audit reports, nonconformity logs, and corrective actions. If you’re seeing repeat issues or late closures, bump those areas to the top of your audit plan.

• Don’t do it all at once.
  Break your audit schedule into manageable chunks. Monthly or quarterly audits are often more effective—and less disruptive—than trying to review everything in one go.

Real example from my experience:

A regional blood center I worked with used to audit everything in Q4… every year. It was rushed, reactive, and stressful. Once we shifted to a risk-based quarterly plan, they uncovered more relevant issues earlier—and had time to fix them before the external audit. Their findings dropped by more than 50 percent within one cycle.

What your plan should include:

• Audit objectives (aligned with quality goals)

• Specific processes or functions to be audited

• Assigned auditors (impartial and trained)

• Estimated dates and duration

• Risk rationale for choosing each area

Prepare for the Internal Audit Like an External One

Let’s be honest—if your internal audits feel rushed, last-minute, or vague, they’re not helping anyone. One of the best things you can do is treat your internal audit like it’s the real thing. Because, in many ways, it is.

Here’s how to set yourself up for success:

• Build a checklist—but don’t rely on it alone.
  Yes, a checklist helps you stay organized, especially if it’s mapped to ISO 15189:2022 clauses. But don’t just walk down the list robotically. Use it as a guide, not a script.

• Gather background info first.
  Before you step into the lab or start interviews, review the last internal audit report, past nonconformities, customer complaints, and performance trends. That context helps you ask better questions and spot real risks.

• Give auditees a heads-up.
  This isn’t about “catching people out.” A quick email or calendar invite that explains what will be reviewed, who’s involved, and what to prepare goes a long way toward cooperation and clarity.

In my experience…

I helped a genetics lab overhaul their internal audit prep. Before, they’d show up with a blank form and take notes in the hallway. After working together, they had customized checklists, pre-filled observation templates, and a 30-minute audit kickoff with the team. Not only did the audit go smoother—it actually revealed operational fixes that made the lab faster and more accurate.

Prep essentials you don’t want to skip:

• Checklist mapped to ISO 15189:2022 clauses and your lab’s SOPs

• Copy of previous audit findings and closure status

• Access to recent quality indicators, complaints, and incident reports

• Clear communication with staff on what’s being reviewed and why

Execute the Internal Audit Effectively

Here’s where it all comes together—and where a lot of internal audits fall short. It’s not just about filling out a form. It’s about observing real practice, asking the right questions, and collecting solid evidence.

Here’s how to run the audit like a pro:

• Start with a quick briefing.
  Set the tone. Remind everyone this is about improvement, not punishment. Walk through the scope, the process, and what to expect.

• Observe the actual work.
  Don’t just sit in an office flipping through binders. Go into the lab. Watch how samples are handled. Look at real-time data entry. Sit in on result verification. What people do—and what’s written—don’t always match.

• Ask questions that go beyond the checklist.
  Instead of “Do you have an SOP for this?”, try “How do you know if this control has failed?” or “What do you do if something seems off?” You’ll get more honest, useful insights.

• Record objective evidence.
  Don’t rely on memory. Write down what you see, hear, and review. If something isn’t done correctly, note the facts—not opinions. That’s what gives your findings weight.

What I’ve seen in practice:

I once shadowed an internal auditor at a molecular lab who spent the entire audit at a desk reviewing documents. They missed the fact that staff were skipping an entire sample tracking step to save time. Once we switched to process-based auditing—actually walking through the flow from receipt to result—we caught it and fixed it before it became a formal nonconformity.

Audit execution essentials:

• Be visible—go where the work happens

• Stay curious—ask how and why, not just yes/no

• Stay neutral—this isn’t about blame

• Be thorough—take your time and dig deeper where needed

Report Findings and Drive Real Corrective Actions

Let’s get one thing straight—writing the audit report isn’t just a formality. It’s your chance to show leadership what’s working, what’s not, and where the lab can improve. But that only happens if the report is clear, accurate, and leads to action.

Here’s how to report findings that actually get traction:

• Be specific.
  “Staff didn’t follow the SOP” is vague. “Sample ID not double-checked during DNA extraction, contrary to SOP QC-045 section 4.2” is clear. The more specific your evidence, the easier it is to fix.

• Classify findings properly.
  Is it a nonconformity? An observation? An opportunity for improvement? Don’t inflate or minimize. Match the severity to the risk.

• Don’t forget the positives.
  Mention where things are working well. It builds trust, encourages good habits, and shows that your audit isn’t just about fault-finding.

Now, on to corrective actions…

This is where things often stall. A finding gets logged, maybe assigned—but then it sits. Or worse, someone writes “Staff retrained” and considers it closed. That’s not enough.

Here’s how to get it right:

• Start with a root cause analysis.
  Ask why it happened—not just what happened. Use simple tools like the “5 Whys” or a cause-and-effect diagram if needed.

• Document what’s changing.
  What process, behavior, or system is being updated to fix the issue? Be clear.

• Set a realistic deadline and follow up.
  Don’t let corrective actions drift. Assign owners. Track closure. And always check effectiveness—did the fix actually solve the problem?

Example from my experience:

A clinical chemistry lab I worked with kept having transcription errors in manual result entry. Rather than retrain staff again (which they’d already done twice), we did a root cause analysis. Turned out the issue was with poor screen layout in the LIMS. Once they adjusted the interface and added a double-check step, the errors dropped by 90%—and stayed low.

What to include in your audit report:

• Summary of what was audited

• List of findings (with clause references and severity)

• Supporting objective evidence

• Assigned actions, owners, and deadlines

• Plans for follow-up and verification

Use Internal Audits to Drive Continuous Improvement

Here’s the thing—internal audits aren’t just about spotting mistakes. When done right, they become one of your lab’s most powerful tools for elevating performance and making smarter decisions over time.

So how do you go from reactive to proactive?

• Look for patterns, not just isolated issues.
  One missed signature might be a fluke. Five in the same process? That’s a system problem. Use your audit data to spot trends across departments, shifts, or teams.

• Feed findings into your management review.
  Internal audits should be a standing agenda item. Share recurring issues, outstanding corrective actions, and areas where the same improvement opportunities keep showing up.

• Tie audit outcomes to your KPIs.
  If turnaround times are a key metric, your audit plan should include reviews of the steps that affect it—specimen handling, equipment maintenance, report verification, and so on.

A real-world example:

One diagnostic imaging lab I supported started tracking their internal audit findings by category—training, documentation, equipment, etc. Over time, they noticed that most of their issues tied back to unclear SOPs. That insight led them to standardize their documentation format across all departments. Result? Fewer errors, faster onboarding, and a big drop in corrective actions needed during external audits.

Simple ways to turn audits into improvement tools:

• Create a “Top 5 Audit Themes” dashboard to track issues over time

• Share lessons learned across departments, not just in the audited area

• Use strong performers as models—highlighting what went right, not just what went wrong

• Involve your team in reviewing audit trends and brainstorming improvements

Pro Tips and Insider Insights From the Field

Here’s what I’ve learned after auditing and training dozens of labs around the world: the difference between a good internal audit and a great one often comes down to small habits and smart systems. These tips are based on real problems I’ve helped clients solve—and they’re the same ones I share in our ISO 15189 training sessions.

Pro Tip 1: Map Your Audit to the Clauses—But Think in Processes

Don’t audit ISO 15189 clause by clause in isolation. Instead, use those clauses to guide how you evaluate actual workflows—like how a test order becomes a validated result. This uncovers practical issues faster and makes your findings more relevant.

Pro Tip 2: Use a Living Audit Log

Maintain a central, digital audit log that tracks:

• What’s been audited

• Who audited it

• Findings and root causes

• Corrective actions and current status

This makes follow-up easier and provides clear evidence for external auditors.

Pro Tip 3: Don’t Audit Alone

If possible, pair up auditors—especially when tackling complex areas like molecular testing or IT. One person can lead the interview or observation, while the other takes notes and cross-checks against the checklist. It reduces blind spots and builds better reports.

Pro Tip 4: Tie Findings to Risks and KPIs

If your audit identifies a gap, ask: What risk does this expose? and Which performance metric does it affect? Auditors love seeing that your internal reviews are tied to real outcomes—not just paperwork.

Pro Tip 5: Keep Audit Reports Short—but Sharp

Don’t write long-winded reports that no one reads. Stick to:

• What was audited

• What you found (with evidence)

• What needs to happen next (with ownership and deadlines)

Clear, concise reporting increases the odds that issues will actually get fixed.

Common Mistakes to Avoid (And How to Handle Them Like a Pro)

Even the most well-equipped labs can slip up during internal audits. Most of these mistakes aren’t about lack of effort—they’re about not having the right systems or mindset in place. Here’s what I see most often (and how to avoid falling into the same traps):

Mistake 1: Auditing Documents, Not Reality

It’s easy to check off that an SOP exists. But are people actually following it? Are the forms being filled out correctly and in real time? If your audit doesn’t involve observation and real-time process checks, you’re missing the full picture.

Mistake 2: Repeating the Same Checklist Every Year

Internal audits aren’t meant to be copy-paste exercises. If your lab’s risks, staff, or systems have changed, your audit plan and questions should too. Repeating the same process can make audits stale—and ineffective.

Mistake 3: Ignoring Root Causes in Corrective Actions

Simply stating “Staff were retrained” isn’t a real fix. Without a root cause analysis, the same issues will likely come back. Always ask “Why did this happen?” at least three to five times before landing on a solution.

Mistake 4: Auditing Too Close to the External Assessment

When internal audits are rushed a week before the external one, there’s no time to resolve anything. Aim to complete your internal audits at least two months before your external visit so you can show real improvement.

Frequently Asked Questions

Q1: How often do we need to conduct internal audits under ISO 15189:2022?

At least once per year, but frequency should be based on risk. High-impact processes (like sample handling or test validation) might need more frequent checks.

Q2: Can we use the same audit checklist every time?

Not ideally. Your checklist should evolve with your lab—especially if you’ve added new services, introduced new equipment, or updated SOPs. Customize it regularly to stay aligned with risks and system changes.

Q3: What happens if we find a major nonconformity during our internal audit?

That’s actually a good thing. Internal audits are where you want to catch issues. Just make sure to log it, investigate thoroughly, and show clear action taken. External auditors respect transparency and proactive problem-solving.

Make Your Internal Audits Work for You—Not Against You

Let’s be real—internal audits aren’t just a requirement in ISO 15189:2022. They’re one of the most powerful tools you have to improve your lab from the inside out.

When done right, they:

• Catch issues before they become findings in an external audit

• Reveal real performance gaps—not just paperwork problems

• Help your team build confidence, clarity, and accountability

• Drive meaningful, measurable improvements over time

And the best part? You don’t need complex systems or endless documentation to get there. You just need a focused plan, honest observations, and the willingness to follow through.

In my experience helping labs across continents—from national reference centers to small private diagnostics teams—the labs that take internal audits seriously always perform better under pressure. Not because they’re perfect, but because they’re prepared.

Want to make your internal audit process stronger?

At QSE Academy, we help labs build internal audit systems that are simple, smart, and 100% aligned with ISO 15189:2022. Whether you need training, tools, or one-on-one support—we’ve got your back.

Get in touch with us to learn how we can help your lab run internal audits that actually move the needle.