ISO/IEC 17043 Internal Audits During Transition
ISO/IEC 17043 Internal Audits During Transition
Last Updated on December 23, 2025 by Melissa Lazaro
Why ISO/IEC 17043 Internal Audits Matter During the 2023 Transition
During a transition, internal audits quietly become one of the most important signals you send to your accreditation body.
I’ve seen PT providers with decent documentation still struggle in audits because their internal audit program hadn’t evolved. It was still checking yesterday’s system against yesterday’s rules.
Here’s what’s happening now. Even if your accreditation is formally under ISO/IEC 17043:2010, assessors expect your internal audits to acknowledge the 2023 edition. They want evidence that you understand what’s changing and that you’re testing your system against those expectations.
This article shows you how to run internal audits during transition that actually help—rather than creating confusion or unnecessary findings.
Internal Audits vs Transition Gap-Analysis – Understanding the Difference
Let’s clear this up first, because this is where many providers get stuck.
A transition gap-analysis asks:
“Where do we fall short of ISO/IEC 17043:2023?”
An internal audit asks:
“Are our processes working as intended, and are they effective?”
During transition, you need both—but they serve different purposes.
I’ve seen providers try to combine them into one exercise. That usually backfires. The audit becomes vague, and the gap-analysis loses focus.
This is important because assessors expect internal audits to remain operational and evidence-based—not speculative.
Pro tip:
Use the gap-analysis to identify what needs to change. Use internal audits to check whether those changes are actually working.
Planning ISO/IEC 17043 Internal Audits During Transition
Audit planning during transition shouldn’t be business as usual.
ISO/IEC 17043:2023 reinforces risk-based thinking, and your audit program should reflect that. High-risk areas—like scheme design, competence, statistics, and impartiality—deserve more attention than low-impact administrative processes.
I often see audit plans that evenly distribute time across all clauses. That looks tidy, but it doesn’t reflect reality.
Align your audit schedule with:
- upcoming surveillance or transition assessments,
- newly updated processes,
- and areas where the standard’s expectations clearly increased.
Real-world insight:
Assessors notice when internal audits mirror their own risk-based approach. It builds confidence fast.
Updating Internal Audit Criteria to Include ISO/IEC 17043:2023
One of the most common questions I get is:
“Can we audit against the 2023 standard if we’re not fully transitioned yet?”
Yes—but how you frame it matters.
Your audit criteria should clearly state:
- which parts are assessed against ISO/IEC 17043:2010,
- which parts are assessed against ISO/IEC 17043:2023 expectations,
- and where transitional arrangements apply.
Avoid vague language like “future requirements considered.” That doesn’t help anyone.
Pro tip:
Auditors are comfortable with phrases like “assessed against ISO/IEC 17043:2023 expectations as part of transition planning.” Clarity beats caution.
Conducting Process-Focused Internal Audits Under ISO/IEC 17043:2023
During transition, internal audits should focus less on whether documents exist and more on how work is actually done.
For example:
- How are scheme risks identified and reviewed?
- How is competence evaluated in practice?
- How are statistical decisions reviewed and approved?
I’ve sat in internal audits where auditors never spoke to scheme coordinators or statisticians. That’s a missed opportunity.
Common pitfall:
Auditing procedures in isolation, without following the process end to end.
What works well:
Trace one PT scheme from planning through reporting. You’ll uncover more transition issues in two hours than in a full day of document checks.
Internal Audits of PT Schemes During Transition
Scheme-level audits are especially powerful during transition.
ISO/IEC 17043:2023 raises expectations around scheme logic, justification, and reporting. Auditing individual schemes shows whether those expectations are actually understood.
When selecting schemes to audit:
- include complex or high-risk schemes,
- rotate schemes across audit cycles,
- don’t just audit the “best-looking” ones.
I’ve seen scheme audits reveal gaps in statistical justification and participant communication that system-level audits completely missed.
This is important because assessors almost always sample schemes during transition audits.
Raising and Grading Internal Audit Findings During Transition
How you write findings matters more than many people realize.
During transition, not every issue needs to be a nonconformity. Some are:
- transition gaps,
- improvement opportunities,
- or observations linked to future requirements.
Over-grading findings creates unnecessary pressure. Under-grading them creates credibility problems.
Pro tip:
Clearly distinguish between:
- nonconformities against current requirements,
- and gaps against ISO/IEC 17043:2023 expectations.
That transparency reassures assessors that you’re managing the transition responsibly.
Corrective Actions & Follow-Up for Transition-Related Findings
Transition-related findings shouldn’t disappear into a generic corrective action log.
They should feed directly into your transition action plan.
Strong corrective action records show:
- what changed,
- who was responsible,
- and how effectiveness was verified.
I’ve seen providers close findings with document updates only, while the underlying practice stayed the same. Assessors catch that quickly.
What works:
Follow-up audits or targeted checks that confirm the change actually took hold.
Using Internal Audit Results as Evidence for Accreditation Bodies
Internal audit records often become quiet heroes during transition audits.
Assessors look for evidence that you:
- identified transition risks early,
- tested updated processes internally,
- and adjusted based on results.
You don’t need perfect outcomes. You need honest records that show learning and improvement.
Practical guidance:
Be ready to explain why certain areas were audited and what you did with the results. That conversation matters more than the checklist itself.
FAQs – ISO/IEC 17043 Internal Audits During Transition
Do internal audits need to fully audit ISO/IEC 17043:2023 before transition is complete?
No. They should progressively test 2023 expectations as part of transition planning.
Can one internal audit cover both 2010 and 2023 requirements?
Yes, if criteria are clearly defined and findings are clearly classified.
Will assessors review internal audit records during transition audits?
Almost always. Especially where findings relate to scheme design, risk, or competence.
Conclusion – Getting ISO/IEC 17043 Internal Audits Right During Transition
Internal audits during transition aren’t about catching people out. They’re about proving control.
When done well, they show accreditation bodies that you understand ISO/IEC 17043:2023, that you’re testing your system against it, and that you’re managing change deliberately—not reactively.
From what I’ve seen in real audits, PT providers who update their internal audit approach early experience fewer surprises and far smoother transitions.
If your internal audits still look like they did five years ago, now’s the time to evolve them—before an assessor does it for you.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
