ISO 15189:2022 Internal Audits During Transition
Last Updated on October 17, 2025 by Melissa Lazaro
Why Internal Audits Matter More During Transition
When a lab starts preparing for ISO 15189:2022, one of the first questions I hear is: “Do we really need to overhaul our internal audits?”
The answer is yes — but not in the way most people think.
The 2022 version doesn’t just ask if you’ve done your internal audit; it asks if your audits prove that your system works.
It’s not about counting findings anymore — it’s about showing awareness, control, and continual improvement.
In my experience, internal audits are the most powerful transition tool a lab can use. They’re not just practice runs for accreditation; they’re a mirror. They show you how well your team understands the new clauses, how effectively risks are managed, and whether procedures make sense in real life.
When done right, internal audits during transition do three critical things:
- Reveal how aligned your QMS is with ISO 15189:2022’s intent.
- Identify competence or documentation gaps before assessors do.
- Build team confidence through hands-on learning, not paperwork.
Pro Tip: Treat each internal audit as a mini rehearsal for your accreditation visit. The closer it feels to a real audit, the fewer surprises you’ll face later.
Understanding the Role of Internal Audits in ISO 15189:2022
Internal audits have always been part of ISO 15189. But in the 2022 version, their purpose goes beyond simple compliance checks.
They’re now designed to confirm whether your management system actually delivers what it promises — consistent, reliable, and risk-controlled patient results.
In the 2012 edition, most internal audits focused on verifying documents.
Auditors would ask: “Is there a procedure? Is it followed?”
Now, the better question is: “Does this process achieve the intended outcome — and can we prove it?”
That shift from procedure-based to performance-based auditing is the biggest change.
Your audit reports should show that your lab evaluates effectiveness, not just presence.
Here’s what ISO 15189:2022 expects from internal audits:
- They must assess whether the QMS conforms to risk-based and outcome-driven requirements.
- They should evaluate staff competence, impartiality, and awareness, not just records.
- They need to feed directly into management review and continual improvement.
Pro Tip: Think of your internal audit as a built-in assurance system. If your audits can already detect weaknesses before assessors do, you’re operating at the right level.
Common Mistake: Treating internal audits as a formality. A checklist can’t improve quality — but an engaged audit conversation can.
Key Changes Affecting Internal Audits Under the 2022 Standard
If you’ve been running internal audits the same way for years, ISO 15189:2022 will make you rethink your approach.
The new version doesn’t just rename clauses — it redefines what an effective audit looks like.
In the 2012 version, internal audits were often scheduled once a year and focused mainly on whether documents existed and were followed.
Now, ISO 15189:2022 wants to see evidence that your system performs, not just complies.
Here’s how the expectations have evolved:
ISO 15189:2012 | ISO 15189:2022 | What Changed |
---|---|---|
Focused on checking procedures and records | Focused on evaluating effectiveness, risk management, and competence | Outcome-driven audits replace checkbox reviews |
Annual audit cycle (all areas once per year) | Flexible frequency based on process risk and importance | You decide the schedule based on risk, not the calendar |
Internal audits viewed as administrative | Internal audits viewed as a core improvement tool | Linked directly to risk, competence, and performance reviews |
This change means your audit program should no longer feel like an obligation—it should feel like a management strategy.
Example:
Instead of simply verifying that equipment logs are signed, an auditor might now ask, “How do you know this calibration program effectively prevents measurement drift?”
That single question tests understanding, control, and the quality culture behind the records.
Pro Tip: Update your audit checklist to reflect this shift. Add open-ended questions that explore:
- How risks are identified and managed
- How staff demonstrate competence
- How digital systems protect data integrity
- How actions lead to measurable improvements
Common Mistake: Running your 2022 audits with your old 2012 checklist. You’ll miss half the intent of the new requirements and risk carrying old habits into a modern framework.
Planning Internal Audits During the Transition Year
If there’s one thing that separates smooth transitions from stressful ones, it’s audit planning.
You can’t treat ISO 15189:2022 internal audits as business-as-usual — they need to be strategically timed and structured to support your lab’s migration to the new standard.
When I work with labs during transition periods, I always recommend a simple, risk-based approach.
Here’s how to plan it effectively.
1. Identify Processes Impacted by 2022 Updates
Start by mapping which areas are most affected by the new standard.
Focus first on high-risk or high-impact processes like:
- Competence and impartiality
- Risk and opportunity management
- Information management and LIS validation
- Management review and continual improvement
These areas should be audited early in your transition schedule.
That gives you time to correct issues before the accreditation body checks them.
2. Align Audit Frequency with Risk
The old “once-a-year for everything” model is gone.
Now, ISO 15189:2022 expects you to schedule audits based on process risk and performance.
If an activity directly affects patient safety or result validity, it should be audited more frequently.
Pro Tip: Build your internal audit plan around the same risk register used for your management system.
That way, your audit program and risk-based thinking reinforce each other naturally.
3. Train Auditors on the New Clauses
Your internal auditors must understand more than the clause numbers — they need to grasp the intent behind each change.
Provide short refresher sessions that cover:
- Risk-based decision-making
- Evaluating competence objectively
- How to assess information systems and data integrity
- How to conduct interviews that test awareness, not just compliance
Common Mistake: Assuming your 2012-trained auditors are automatically ready for 2022. They know the process, but not the new purpose.
4. Integrate Audit Results into the Transition Plan
Every finding from your internal audits should feed directly into your gap analysis and action plan.
When assessors review your records, they’ll expect to see clear links between your internal audits, corrective actions, and updated documentation.
Example:
If an internal audit identifies missing impartiality declarations, your transition plan should show that the procedure was updated, staff were trained, and a follow-up audit confirmed closure.
5. Schedule a “Transition Readiness Audit”
This is one of the most valuable tools I’ve used with clients.
About three to six months before your accreditation visit, conduct a full-scope internal audit as if it were the real thing.
It helps the team get comfortable with the new language and expectations — and gives you one last chance to close gaps.
Pro Tip: Treat it like a rehearsal. Involve your top management in the closing meeting. Their questions and feedback will often reveal blind spots you didn’t see during routine reviews.
Planning your internal audits this way ensures your transition stays controlled, evidence-driven, and fully traceable — the kind of approach assessors appreciate because it shows true system maturity.
Conducting Internal Audits – Step-by-Step Process
Planning is one thing — execution is where most labs either shine or stumble.
The key to running internal audits that meet ISO 15189:2022 expectations is shifting the focus from paperwork to evidence of effectiveness.
Here’s the practical, no-fluff approach I use with laboratories during transition.
Step 1. Prepare with Purpose
Before you start, decide what you want the audit to achieve.
Are you testing readiness for accreditation? Verifying risk controls? Checking staff competence?
Define your audit scope and objectives clearly — it guides everything else.
Review the relevant clauses in ISO 15189:2022 and gather recent data such as nonconformities, complaints, and quality indicators.
That background will help you ask smarter questions.
Pro Tip: Never audit blindly. Read at least one or two related procedures before walking into any section — it shows professionalism and saves time.
Step 2. Hold an Opening Meeting
Keep it brief but purposeful.
Explain that the audit’s goal is to evaluate effectiveness and improvement — not to find fault.
This sets the right tone and reduces defensiveness among staff.
Example:
“Today’s audit will review how the new competence and risk processes are being implemented. We’ll focus on understanding how these changes work in practice, not just on the documents.”
Step 3. Evaluate Processes on the Floor
This is where the audit comes alive.
Observe, ask, and listen. The 2022 edition expects you to verify how staff apply the standard in real situations — not just how the procedure reads on paper.
Ask questions like:
- “How do you ensure impartiality in your daily work?”
- “What risks have you identified in this process, and how are they managed?”
- “How does this system protect patient data if there’s a technical issue?”
Those questions reveal both competence and understanding — the two areas assessors care about most.
Step 4. Gather and Verify Evidence
Collect objective evidence of conformity and effectiveness.
This can include observation notes, completed forms, training records, system screenshots, or test logs.
Pro Tip: Focus on cause and effect. Don’t just note that a form exists — check if it’s filled out correctly, reviewed on time, and actually drives improvement.
Step 5. Record Findings Clearly
When documenting nonconformities, stick to facts.
Write findings that are traceable, clause-linked, and actionable.
Example:
Instead of:
“Procedure not followed.”
Write:
“In Section 6.2, the staff competence record was not updated following retraining, contrary to Procedure QP-05 Rev 2.”
That kind of wording makes corrective action straightforward.
Step 6. Conduct the Closing Meeting
End with clarity and encouragement.
Summarize key findings, confirm understanding, and discuss next steps.
Highlight positive practices as well — it motivates teams and reinforces ownership.
Common Mistake: Ending the audit without verifying that management understands the root causes or deadlines for corrective actions.
When internal audits are conducted this way, they stop feeling like an obligation and start acting as what they’re meant to be — a management tool that builds assurance and confidence before your external assessment.
Linking Internal Audit Results to Risk and Improvement
One of the biggest mindset shifts in ISO 15189:2022 is this:
internal audits aren’t just about compliance anymore—they’re about learning.
Your findings should feed directly into how the lab manages risk, reviews performance, and drives improvement.
If your audit reports stop at “nonconformity closed,” you’re missing half the value of the process.
1. Connect Audit Findings to the Risk Register
Every finding tells a story.
Maybe it points to an uncontrolled risk, a weak process, or a training gap.
That’s why your risk register should reference internal audit outcomes—it keeps your management system truly integrated.
Example:
If an audit reveals that instrument maintenance logs are inconsistent, don’t just issue a corrective action.
Record it in your risk register under “equipment reliability” with a note on how it could affect test accuracy or turnaround time.
This proves that your lab doesn’t just fix problems; it analyzes why they matter.
Pro Tip: Include a column in your risk register for “Source of Identification.”
Mark “Internal Audit” for findings that came from this process—it’s a simple way to demonstrate risk-based thinking to assessors.
2. Use Trends to Prioritize Improvement
One audit doesn’t tell the whole story.
But tracking results across multiple audits reveals powerful trends.
If you notice the same weakness—say, inconsistent competence evaluations—appearing in different departments, that’s a system issue, not an isolated one.
Use that insight to plan targeted training or process redesign.
This kind of proactive improvement is exactly what ISO 15189:2022 rewards.
3. Feed Audit Outcomes Into Management Review
Clause 8.9 expects management reviews to include internal audit results, risk evaluations, and improvement opportunities.
That’s not a coincidence—these processes are meant to feed one another.
When you present audit data, don’t just list findings. Summarize what those findings mean.
For example:
- “Three findings related to competence documentation were identified. Root causes include unclear responsibilities and missing retraining triggers.”
- “Action: Procedure QP-05 updated, and retraining forms revised to include re-evaluation steps.”
That shows leadership that audits are working as intended — identifying real risks and driving measurable actions.
4. Verify the Effectiveness of Corrective Actions
Closing an audit finding isn’t the same as solving a problem.
Always re-check whether your corrective action actually worked.
If the same issue reappears in the next audit, the fix wasn’t effective — and that’s something assessors will notice fast.
Pro Tip: Keep a “Corrective Action Effectiveness Log.”
It shows which actions have been verified and which still need follow-up.
This simple document demonstrates maturity in your improvement process.
When you link your internal audit process to risk and improvement, it becomes more than a compliance tool—it becomes the heartbeat of your QMS.
It shows assessors that your lab doesn’t just react to issues; it learns, adjusts, and improves continuously.
Internal Auditor Competence and Impartiality
The strength of your internal-audit program depends entirely on who runs it.
ISO 15189:2022 now makes this explicit: auditors must be competent, impartial, and aware of risk-based thinking—not just familiar with checklists.
When I train new internal auditors, I always start with this reminder: an effective auditor isn’t a detective; they’re a mirror. Their job is to reflect how well the system works, not to catch people out.
1. Build Competence with Purpose
Auditors need more than ISO knowledge—they must understand laboratory processes and how quality links to patient safety.
Competence now includes:
- Knowledge of ISO 15189:2022 requirements and intent
- Understanding of laboratory workflows and data integrity controls
- Ability to evaluate staff competence objectively
- Skill in identifying risks, not just nonconformities
Pro Tip: Pair new auditors with experienced mentors during their first few audits. It’s the fastest way to build judgment and confidence.
2. Maintain Evidence of Auditor Competence
Just as you track analyst training, you must document auditor competence too.
Keep a simple record that includes:
- Auditor name and qualifications
- ISO 15189:2022 training certificates
- Records of audits performed
- Evaluation results from observation or peer review
Example:
A regional diagnostics lab added an “Auditor Competence Matrix” to its QMS. Assessors later highlighted it as a best practice—it clearly showed each auditor’s scope and experience level.
3. Protect Auditor Impartiality
Clause 8.8 is clear: auditors must not audit their own work or areas where they have direct responsibility.
That’s not bureaucracy—it’s about trust. An impartial auditor can question processes freely without conflict of interest.
Pro Tip: Rotate auditors between departments. For small labs, consider cross-auditing with another facility under the same group or inviting an external consultant for one annual cycle.
Common Mistake: Assigning section heads to audit their own sections “because they know it best.” That instantly weakens the credibility of your findings.
4. Support Auditors with Continuous Learning
Standards evolve, technology changes, and risks shift. Your auditors need refreshers at least once a year—especially during the transition period.
Brief them on new clauses, digital validation expectations, and how to evaluate effectiveness rather than documentation.
When auditors stay sharp, your internal-audit program becomes more than compliance—it becomes one of your lab’s most valuable improvement tools.
Using Internal Audits as Transition Readiness Checks
When your lab is preparing to transition to ISO 15189:2022, the smartest thing you can do is turn your internal audits into readiness drills.
Think of them as full rehearsals before the real performance — a chance to catch weaknesses, refine processes, and build confidence before your accreditation body arrives.
1. Treat Internal Audits as Mock Assessments
Don’t wait for the external audit to test your compliance.
Design one or two internal audits specifically to simulate an accreditation visit.
Use the same flow assessors follow: opening meeting, document review, on-site observation, interviews, and closing discussion.
Pro Tip: Assign one senior auditor to play the role of the accreditation assessor.
Let them ask open-ended questions like:
- “How do you ensure impartiality in this process?”
- “Show me how you validate your information system for data integrity.”
This gives staff real practice answering questions in plain language — something that often matters more than perfect paperwork.
2. Cover Transition-Specific Areas
During transition, your internal audits should focus on the parts of the system that changed the most.
For ISO 15189:2022, that means reviewing:
- Risk and opportunity management records
- Competence and impartiality evaluations
- Information management (LIS/LIMS) validation
- Updated procedures and their effectiveness
- Management review inputs related to risk and performance
If you can show evidence that these are in place and understood by staff, you’re already halfway ready for the formal assessment.
3. Involve Management in the Process
Your readiness audit isn’t just for the quality team.
Include laboratory leadership in the opening and closing meetings — it signals accountability and keeps improvement actions prioritized.
Example:
A hospital lab I worked with made their transition audit part of their monthly management review.
By discussing audit findings directly with the lab director and department heads, they closed 90% of corrective actions before their external audit even began.
4. Use Findings to Fine-Tune Before the Real Audit
Treat your readiness audit results as a safety net.
Every finding you uncover internally is one fewer surprise during your accreditation visit.
Categorize findings by risk level and assign owners to fix them quickly.
Pro Tip: Schedule a brief follow-up audit two months after your readiness audit to verify closure and confidence.
When internal audits are used this way, they stop being a checkbox task and become your strongest transition strategy.
By the time assessors arrive, your team won’t just be compliant — they’ll be prepared, practiced, and confident.
FAQs – Internal Audits During ISO 15189:2022 Transition
These are the questions I hear most often from labs preparing their internal audits for the ISO 15189:2022 transition.
If your team is asking the same things, you’re not alone. Let’s clear them up.
Q1: Can we keep using our old internal audit checklist?
You can — but only as a starting point.
Your 2012 checklist won’t capture the intent of the new clauses, especially around risk, competence, and data integrity.
Review and expand it to include questions like:
- “How are risks identified and controlled in this process?”
- “How do you verify staff competence for this activity?”
- “What measures ensure data integrity in your LIS?”
Pro Tip: Update your checklist by process, not by clause. That approach helps auditors see how requirements connect to daily operations.
Q2: How often should we perform internal audits during transition?
At least twice — once early in the transition to identify gaps, and again near the end to confirm readiness.
Some labs even schedule smaller, focused audits every few months for high-risk areas like patient data management or sample handling.
Example:
A genetics lab ran three focused audits over six months — one on competence, one on risk, and one on data integrity.
By the time the external audit arrived, they had no major findings because every issue had already been addressed internally.
Q3: Who can perform internal audits under ISO 15189:2022?
Anyone trained and competent in the new standard can do it — as long as they’re impartial and don’t audit their own work.
That includes quality officers, section supervisors, or trained technical staff.
For smaller labs with limited resources, external consultants can assist once a year to maintain objectivity.
Q4: Do we need to audit every clause during transition?
Not necessarily.
Focus first on new or revised areas — risk management, impartiality, competence, and information management.
Once those are stable, you can audit the full scope again as part of your annual cycle.
Pro Tip: Document your audit strategy clearly in your plan.
Assessors understand phased approaches if you show logic and control.
Q5: How do we present internal audit results to assessors?
Keep it simple.
Show them your audit plan, sample reports, corrective action records, and follow-up evidence.
Then explain how findings are linked to risks and improvements — that’s what proves your audits are driving your system, not just checking it.
Internal audits are the bridge between theory and reality during this transition.
Turn Audits into Assurance, Not Anxiety
Transitioning to ISO 15189:2022 can feel intimidating at first. But when internal audits are done right, they remove uncertainty — not create it.
They help you see your system exactly as an assessor will, long before the accreditation visit ever begins.
In my experience, the labs that treat internal audits as learning opportunities—not interrogations—always perform better under pressure.
Their staff are calmer, their documentation is cleaner, and their answers sound confident because they’ve already been tested internally.
Here’s the real takeaway:
- Audit early, and audit with intent.
- Focus on effectiveness, not just existence.
- Turn every finding into a lesson, not a penalty.
When you do that, your internal audit program becomes one of your greatest strengths. It doesn’t just prove compliance — it builds trust, improves performance, and prepares your team to handle ISO 15189:2022 with confidence.
If you’re ready to strengthen your internal audit system, QSE Academy’s ISO 15189:2022 Internal Audit Toolkit gives you ready-to-use templates, risk-based checklists, and clause-to-process mapping tools — everything you need to audit smarter, not harder.
If they’re planned and executed well, they’ll not only help you comply with ISO 15189:2022 — they’ll make your lab stronger and more resilient in the process.
Melissa Lazaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.