Awardwinning internal audit support with a controlsbased approach
Internal audits are a core requirement of ISO management systems, but they are often treated as a compliance task rather than a structured assurance process.
AvISO provides independent internal audits that go beyond checklist auditing. As an award winning consultancy with a permanent fulltime team, we deliver structured audits using a controlsbased methodology, ensuring systems are assessed in line with how certification bodies evaluate compliance.
Our approach forms part of a wider Compliance Assurance Solution, combining consultancy expertise and structured delivery with ISOvA to provide clear visibility of risks, controls, evidence and audit outcomes.
AvISO helps organisations move from reactive audit preparation to a consistent, independent audit programme that supports ongoing compliance and improvement.
We support organisations with structured, independent internal audits aligned to their management systems and operational risks.
Our audits provide an external perspective, removing bias and internal assumptions while bringing sector experience and crossindustry insight into how systems perform in practice.
Organisations often face challenges around maintaining independence, preparing for audits and interpreting requirements. We address this by providing clear audit structure, practical feedback and systems that are easy to maintain between audit cycles.
We deliver internal audits across a range of standards and compliance areas, each requiring a different audit focus and methodology.
Internal audits in this area focus on controls, access, risk and governance.
Audits typically assess how risks are identified and managed, how controls are implemented and how effectively systems respond to threats. Information security and AI frameworks require greater emphasis on evidence, traceability and alignment to risk-based thinking.
AvISO approaches these audits by reviewing control effectiveness, data handling, user access, supplier risk and incident response, ensuring systems are aligned with real operational risk rather than documentation alone.
Quality audits focus on process consistency, control and performance.
Unlike control-heavy standards, quality audits require a strong understanding of how processes operate day to day. The emphasis is on whether systems deliver consistent outcomes, support objectives and drive improvement.
AvISO audits quality systems by following process flow, identifying gaps between documented procedures and actual activity, and ensuring objectives, monitoring and management review are meaningful and effective.
Legal compliance audits focus on whether organisations understand and meet their regulatory obligations.
These audits differ from standard system audits by concentrating on applicability, interpretation and evidence of compliance. The focus is on whether legal requirements are identified, kept up to date and translated into operational control.
AvISO assesses legal registers, evaluates compliance status and links obligations to processes and evidence, ensuring organisations can demonstrate legal compliance clearly during ISO audits and external review.
Audits in this area focus on operational risk, real-world activity and regulatory control.
Unlike documentation-led audits, these require a strong link to site activity, hazards, environmental impact and behavioural factors. Evidence is often practical, not just documented.
AvISO approaches these audits by reviewing how systems operate in practice, including risk assessments, controls, training, site activity and compliance with regulations. This ensures systems are aligned with actual operations and not just procedures.
Many organisations operate across multiple standards. Without integration, internal audits can become duplicated, inconsistent and difficult to manage.
AvISO designs audit programmes that align multiple standards within a single structure. This allows audits to focus on shared controls, risks and processes rather than treating each standard separately.
The result is a more efficient audit programme, clearer reporting and stronger alignment between standards.
ISOvA provides the structure behind internal audit delivery, bringing audits, actions, risks and evidence into one system.
Through ISOvA, organisations can maintain visibility of audit activity, track nonconformities and ensure actions are followed through. This creates a consistent and auditable record of internal assurance across the organisation.
Internal audits become part of an ongoing system rather than a standalone activity.
Get in touch to discuss how we can support your management system implementation, integration or improvement
Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
