A structured approach to integrating audits to create organisational efficiencies: ISO 9001 and ISO 27001 audits

Although some articles have been written about integrated audits, they do not examine combining audits for ISO 9001 (quality management systems) and ISO 27001 (information security management systems). This topic is relevant across a wide spectrum of the Quality Management and research community, not to mention external auditors and staff with operations and information technology responsibilities. Furthermore, it provides insights into the new version of PAS 99 (specification for integrated management systems (IMS)). Quality Management practitioners may not be fully aware of the affordances of an IMS and combining internal audits. However, integrated audits make it possible to achieve efficiencies in the audit process whilst maintaining the benefits gained from audits such as process improvements. Clusters of research propositions were derived from a literature review comprising academic and professional sources and tested within a commercial organisation. The sample comprised internal auditors, auditees and external auditors. The findings and conclusions point to a reduction in audit effort, the number of audits and the audit resource required. A framework for establishing integrated audits is formulated.