Quality auditing: what
makes a good auditor?
explains the important combination of knowledge and skills and how an effective evaluation of these makes a good auditor
Audits play a crucial role in every organization’s future and success because they contribute to management’s decision making process. This is why their competence is essential. The question of what makes a good auditor is a complex one and the short answer is an auditor that has the required competencies to achieve an audit’s objectives. But how do we decide what the required competencies are and how do we evaluate them?
Since the early 1990s I have noticed a rapid change in the way audits have been perceived and conducted. Audits used to be more focused on compliance that was mainly verified through documentation and records, and were more output rather than outcome oriented. Then, the emphasis for a good auditor was frequently placed on his or her understanding the standards used as audit criteria and the auditors’ personal attributes. Expectations today are that auditors have a good understanding of an organization’s business especially as auditors are expected to make recommendations for improvement.
Skills and knowledge
Both internal and external auditors need certain generic pieces of knowledge. For example, knowledge of the subject matter and the criteria for the audit, knowledge of the organization products and its processes and knowledge of applicable legal and regulatory requirements. They will also need general skills in planning and preparing for audits, conducting on-site audits, verbal and written reporting and follow-up activities. These skills are usually based on the subject matter of the audit.
To ensure successful achievement of audit objectives, auditors need specific knowledge and skills to ensure that the audit is a value-adding process for the organization and its processes. These can include technical knowledge and expertise of the organization’s industry sector and its past, current and future business environment, its products, its customer requirements, its impacts and its associated business risks. Also important is knowledge of specific tools and techniques for improvement in order to make useful recommendations. Specific skills for assessing the organisation’s culture and applying the most suitable methodology for auditing and reporting are required to ensure effective interviews and that audit findings are in line with the business language.
A good auditor will be competent, which is defined in ISO 19011 as ‘demonstrated personal attributes and demonstrated ability to apply knowledge and skills’.
To avoid making a long list of what makes a good auditor, I refer to ISO 19011 section seven which includes a comprehensive list of qualities and generic ‘knowledge and skills’, and how they can be obtained and evaluated. You could say that a good auditor is one that has all of those listed attributes and has demonstrated that he or she can consistently apply his or her knowledge and skills. In my opinion, however, the key is in the evaluation of competence. The evaluation can be internal, external (through IRCA for example), or even both.
In my view, a good auditor is one that has the generic competencies but finds out exactly what specific competencies are required for an audit, through understanding the audit objectives, audit criteria and background information on the organization. A good auditor will not only ensure he or she has or obtains the competencies needed prior to the audit, but will also ensure that they are objectively evaluated to match the audit objectives and requirements. They will also continually develop and re-evaluate their competencies through continuing professional development, client feedback, monitoring of the impacts of his or her audits, and independent and objective evaluation.
The future
The competencies needed by an auditor have changed rapidly over the last 20 years and will continue to evolve alongside the many changes in economical, social, environmental and political factors that affect organizations’ survival and progress. Auditors’ understanding of how these factors may affect an organization, and its compliance with standards, will be crucial in being able to give constructive feedback to an organization for its decision making and improvement.
I believe the changes we have seen in the past few years will continue more rapidly. Past audit results and company performances will be reviewed and various actions will be taken to improve the audit process and to identify new competency requirements for auditors and new ways of evaluating them.
New evaluation methods will become particularly relevant when ISO 17021 part 2 is published. Currently, the guidelines for evaluation reference qualifications and experience as indicators of competence. The approach in ISO 17021 part 2 is different. Certified auditors may be judged on their competency alone with little or no requirement for specific qualifications. And while I applaud the intentions of this standard, the results achieved from ISO 17021 part 2 will rely very much upon its correct interpretation and implementation, not just the existence of the standard.
We must also note that effective achievement and evaluation of the type of competencies we are talking about will incur costs. Therefore, unless organizations seeking certification see enough value in it to accept the costs, and unless certification bodies can demonstrate the value, I doubt that things will change too soon.
About the author
Nina Abbassi, managing director of Abbassi Ltd, has been auditing since 1992, carrying out first-, second- and third-party audits and gap assessments internationally for a wide range of organisations. She has worked in a variety of sectors and audited against several national and international standards. She has also designed and delivered many auditor training courses and specific training programmes for auditors.
 |
 Have an issue to raise? A question to ask? Give us your opinions now in the Online Forums. |