Skip to content.
MBIE Logo

M-18 Internal audit

M-18 Internal audit refers to regulation 17(2)(h) and must be read in conjunction with regulations 5 and 6.

Purpose

To perform a series of regular, scheduled internal audits/reviews to ensure the (organisation’s name’s) quality assurance system remains suitable and effective, and complies with any regulatory requirements.

Roles and responsibilities

  • The (TBA) is responsible for:
    • planning for scheduled and unscheduled internal audits
    • assigning and training internal auditors.
  • Internal auditors are responsible for:
    • performing internal audits
    • drawing the results of audits to the attention of management, employees and/or contractors responsible
    • verifying that corrective action has been taken in a timely and effective manner.

Procedure

1  General guidelines

1.1  Internal audits verify that the building consent authority’s systems, documented processes and quality assurance systems are implemented and maintained effectively, and continue to comply with the organisation’s documented policies, processes and procedures, and all relevant regulatory requirements.

1.2  Internal audits are conducted by suitably qualified employees or contractors. Individuals must not audit work or activities they performed or were involved in.

2  Scheduled audits

2.1  Each building control function should have at least one scheduled audit per annum. Additional audits may be required to verify implementation of corrective actions or recommendations identified in previous audits.

2.2  The internal audit schedule must be updated on a regular basis.

3  Unscheduled internal audits

3.1  Unscheduled audits may occur because of, but not limited to:

  • an internal complaint about the system
  • a customer or external complaint about the system
  • related problems found when auditing another area
  • the detection of serious deficiencies by the building consent authority accreditation body, the Department of Building and Housing, or any other government agency.

4  Conducting the internal audit

4.1  The internal audit should be carried out using the internal audit report forms and audit checklists. Notes must be taken throughout the audit.

4.2  The auditor shall examine samples of objective evidence for compliance and make notes about all samples reviewed. Evidence of non-compliance or good practice shall be recorded and reviewed at the end of the audit before the findings are presented to the employee(s) or contractor(s) responsible for the area being audited.

5  Audit findings classifications

5.1  Observations
An isolated lapse of completion or non-conformity which will not have significant impact on operations, or a recommendation for system improvement unrelated to non-conformity.

5.2  Minor non-conformance
A more significant non-conformity or lapse which will not have an immediate impact on quality but, if left incomplete, may create a risk to meeting objectives.

5.3  Major non-conformance
A significant lapse or non-conformity which may have an immediate impact on quality and requires immediate attention.

5.4  Critical non-conformance: 
A lapse that requires immediate attention and which, if not rectified, will result in (organisation’s name) being in non-compliance with legal requirements or will place employees’ or contractors’ safety at risk.
There shall also be a fifth category:

5.5  Compliment
This is an example of best practice or excellent performance, which should be drawn to the attention of other employees or contractors in the team.

6  Internal audit reporting

6.1  All internal audit notes, data, files, and other relevant information are recorded and filed in a place that facilitates easy retrieval for verification and close-out of identified corrective actions and recommendations.

7  Continuous improvements

7.1  Minor or major non-conformances should be entered into the continuous improvement system.

8  Close-out of a continuous improvement

8.1  Timely and effective close-out of a continuous improvement as the result of internal audit ensures that identified non-conformance does not re-occur.

(Example Only)

Back to top