ISO 19011:2018 Clause 7.2 Determining auditor competence

ISO 19011:2018 16 Minutes


7.2.1 General

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the following should be considered:
a) the size, nature, complexity, products, services and processes of auditees;
b) the methods for auditing;
c) the management system disciplines to be audited;
d) the complexity and processes of the management system to be audited;
e) the types and levels of risks and opportunities addressed by the management system;
f) the objectives and extent of the audit programme;
g) the uncertainty in achieving audit objectives;
h) other requirements, such as those imposed by the audit client or other relevant interested parties, where appropriate.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the size, nature, complexity, products, services and processes of auditees should be considered. In the field of auditing, competence is a critical factor in ensuring that audits are conducted effectively and efficiently. The auditor’s knowledge and skills must align with the specific characteristics of the auditee’s organization. Here are some key points to consider:

  1. Industry Knowledge: Auditors need to have a solid understanding of the industry in which the auditee operates. This includes knowledge of industry-specific regulations, accounting practices, and operational processes.
  2. Size and Complexity: The size and complexity of an organization can significantly impact the audit process. Larger and more complex organizations may require auditors with more advanced skills and experience to navigate intricate financial structures and complex business operations.
  3. Nature of Operations: Different industries have different risks and operational characteristics. For example, auditing a manufacturing company may require knowledge of production processes and inventory management, while auditing a service-oriented business may focus more on revenue recognition and contractual obligations.
  4. Products and Services: Auditors should be familiar with the products and services offered by the auditee. This is crucial for understanding revenue recognition, cost structures, and potential risks associated with specific product lines.
  5. Regulatory Environment: The auditor should be well-versed in the regulatory environment relevant to the auditee. Compliance with laws and regulations is a key aspect of auditing, and the auditor must have the competence to assess compliance.
  6. Technology and IT Systems: In the modern business environment, technology plays a crucial role. Auditors need to be competent in understanding and auditing information technology systems, data security, and the impact of technology on financial reporting.
  7. Process Understanding: A deep understanding of the auditee’s business processes is essential. This includes not only financial processes but also operational and internal control processes.
  8. Risk Assessment: Competent auditors are skilled in assessing risks. They should be able to identify and evaluate risks relevant to the auditee’s industry and business, and plan their audit procedures accordingly.

In summary, the competence of an auditor is not a one-size-fits-all concept. It should be tailored to the specific characteristics and nuances of the organization being audited. This tailored approach ensures that the audit is effective, providing relevant and meaningful insights to stakeholders.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the methods for auditing should be considered. The auditor’s competence in terms of auditing methods and techniques is a critical factor in ensuring a thorough and effective audit. Here are key aspects related to auditing methods that auditors should consider:

  1. Risk Assessment Methods: Auditors should be adept at assessing and understanding the risks associated with the auditee’s industry, operations, and financial reporting. This includes the ability to identify and prioritize risks, as well as develop appropriate audit procedures to address them.
  2. Audit Planning and Strategy: Competent auditors must be skilled in developing comprehensive audit plans. This involves setting the scope of the audit, determining materiality thresholds, and establishing the overall strategy for conducting the audit.
  3. Internal Control Evaluation: Understanding and evaluating internal controls is a crucial aspect of auditing. Auditors should be proficient in assessing the design and effectiveness of internal controls relevant to financial reporting.
  4. Substantive Testing Techniques: Auditors need to be familiar with various substantive testing procedures, such as analytical procedures, substantive analytical procedures, and tests of details. These techniques help auditors gather sufficient and appropriate evidence to support their conclusions.
  5. Sampling Methods: Auditors often use sampling to test a portion of the population when conducting audit procedures. Knowledge of different sampling methods, such as statistical sampling or judgmental sampling, is important for designing effective and efficient audit tests.
  6. Audit Documentation: Competent auditors should understand the importance of thorough and organized audit documentation. This includes documenting the audit procedures performed, evidence obtained, and conclusions reached. Clear documentation is essential for quality control and review purposes.
  7. Fraud Detection Techniques: Auditors should be skilled in recognizing indicators of fraud and implementing procedures to detect and respond to the risk of material misstatement due to fraud. This involves understanding the psychology of fraud, assessing fraud risk factors, and implementing appropriate audit procedures.
  8. Communication Skills: Effective communication is a critical skill for auditors. This includes the ability to communicate audit findings, issues, and recommendations clearly and professionally to both the auditee’s management and stakeholders.
  9. Technology and Data Analytics: With the increasing use of technology in business operations, auditors need to be familiar with data analytics tools and techniques. This includes using data analysis to identify anomalies, trends, and potential areas of risk.
  10. Continuing Professional Education: Auditors should engage in ongoing professional development to stay current with changes in auditing standards, regulations, and emerging best practices. This ensures that auditors maintain the necessary competence over time.

In summary, an auditor’s knowledge and skills related to auditing methods are fundamental to the success of an audit. These skills, combined with an understanding of the auditee’s business and industry, contribute to the overall competence needed to perform a high-quality audit.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the management system disciplines to be audited should be considered. An auditor’s competence should extend beyond auditing methods and encompass knowledge and skills related to the management system disciplines specific to the auditee. This is particularly relevant in the context of management system audits, where auditors assess an organization’s adherence to established standards and frameworks. Here are key considerations for an auditor’s competence in this regard:

  1. Understanding of Management Systems Standards: Auditors should be well-versed in the specific management system standards applicable to the auditee’s industry or sector. This could include standards such as ISO 9001 (Quality Management), ISO 14001 (Environmental Management), ISO 45001 (Occupational Health and Safety), among others.
  2. Knowledge of Regulatory Requirements: Auditors should have a deep understanding of relevant regulatory requirements that impact the auditee’s management system. This involves staying informed about changes in regulations and ensuring that the organization’s practices align with legal obligations.
  3. Industry-Specific Expertise: Depending on the nature of the auditee’s business, auditors should possess industry-specific knowledge. This includes understanding the unique challenges, best practices, and benchmarks associated with the auditee’s sector.
  4. Risk Management Competence: Competent auditors should be able to assess the effectiveness of the auditee’s risk management processes within the context of the management system. This involves evaluating how well risks are identified, analyzed, and mitigated.
  5. Process Mapping and Optimization: Understanding and evaluating processes is a key aspect of management system audits. Auditors should be skilled in process mapping, identifying key control points, and assessing the efficiency and effectiveness of these processes.
  6. Internal Audit Processes: Auditors should be familiar with internal audit processes and best practices. This includes understanding how the auditee conducts its own internal audits, addressing non-conformities, and ensuring continuous improvement.
  7. Documented Information and Recordkeeping: Management systems often require thorough documentation and recordkeeping. Auditors should be adept at assessing the adequacy of documented information, ensuring it meets the requirements of the applicable standard, and is effectively maintained.
  8. Performance Measurement and Monitoring: Auditors should have the competence to evaluate how the auditee measures and monitors its performance against established objectives and targets. This involves assessing the effectiveness of key performance indicators (KPIs) and the organization’s overall performance management framework.
  9. Continuous Improvement Processes: Management systems emphasize the importance of continuous improvement. Auditors should be skilled in assessing how the auditee identifies areas for improvement, implements corrective actions, and tracks progress over time.
  10. Effective Communication with Management: The ability to communicate effectively with management is crucial. Auditors should be able to convey audit findings, recommendations, and areas for improvement in a clear and constructive manner.

In summary, an auditor’s competence in the context of management system audits requires a deep understanding of the relevant standards, industry-specific considerations, and the ability to assess the effectiveness of the auditee’s management system disciplines. This holistic approach ensures that the audit provides valuable insights into the organization’s overall compliance and performance.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the complexity and processes of the management system to be audited should be considered. The competence of an auditor plays a crucial role in the effectiveness and reliability of an audit, particularly when it comes to the complexity and processes of the management system being audited. Here are key considerations regarding the auditor’s knowledge and skills in this context:

  1. Understanding the Management System Framework: Auditors should have a comprehensive understanding of the specific management system framework that the organization has adopted. Whether it’s ISO 9001 for quality management, ISO 14001 for environmental management, or others, auditors need to be well-versed in the requirements and principles of the chosen standard.
  2. Process Understanding: A deep understanding of the auditee’s business processes is essential. Auditors should be able to map out and comprehend how various processes interconnect within the management system. This includes both core operational processes and supporting processes.
  3. Risk-Based Thinking: Competent auditors should be skilled in applying risk-based thinking. This involves the ability to identify, assess, and prioritize risks within the context of the management system, ensuring that audit efforts are focused on areas of higher risk.
  4. Documented Information and Recordkeeping: Auditors need to assess how well the organization manages documented information and recordkeeping within the management system. This includes evaluating the adequacy and effectiveness of document control and record retention processes.
  5. Internal Audit Processes: Knowledge of internal audit processes is crucial. Auditors should understand how the organization plans, conducts, and follows up on internal audits. This includes assessing the effectiveness of the internal audit function in identifying areas for improvement.
  6. Change Management Processes: In dynamic business environments, changes are inevitable. Auditors should be competent in evaluating how the auditee manages changes within the organization, particularly those that impact the management system. This includes assessing change control processes.
  7. Performance Measurement and Monitoring: Auditors need to evaluate how the organization measures and monitors its performance against key objectives and targets outlined in the management system. This involves assessing the effectiveness of performance indicators and the overall monitoring framework.
  8. Continuous Improvement Processes: The ability to assess and promote continuous improvement is a key competence. Auditors should understand how the auditee identifies areas for improvement, implements corrective and preventive actions, and tracks progress over time.
  9. Communication with Process Owners and Stakeholders: Effective communication is vital. Auditors should be able to engage with process owners, management, and other stakeholders to gather information, convey audit findings, and provide recommendations in a constructive manner.
  10. Technical Competence in Industry-Specific Processes:
  11. Depending on the industry, auditors may need technical competence in specific processes. For example, a quality management system auditor in manufacturing should understand production processes and quality control measures.

In conclusion, an auditor’s knowledge and skills related to the complexity and processes of the management system being audited are foundational to conducting a thorough and meaningful audit. This competence ensures that the audit is tailored to the organization’s unique context and provides valuable insights into the effectiveness of the management system.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the types and levels of risks and opportunities addressed by the management system should be considered. Considering an auditor’s knowledge and skills related to the types and levels of risks and opportunities addressed by the management system is essential for a comprehensive and effective audit. Here are key points to consider in this regard:

  1. Risk Identification and Assessment: Auditors should be proficient in identifying various types of risks that may affect the organization’s ability to achieve its objectives. This includes risks related to quality, environmental impact, occupational health and safety, or other areas addressed by the management system.
  2. Understanding Risk Tolerance and Acceptance: Competent auditors should understand the organization’s risk tolerance and acceptance criteria. This involves assessing whether the organization has clearly defined its appetite for risk and has appropriate measures in place to manage risks within acceptable levels.
  3. Opportunity Recognition: In addition to risks, auditors should be skilled in identifying opportunities. Opportunities can be positive deviations from the expected outcomes and can contribute to the achievement of organizational objectives. Auditors should assess how well the organization identifies and capitalizes on opportunities.
  4. Integration of Risk and Opportunity Management: Auditors should evaluate the integration of risk and opportunity management into the organization’s overall management system. This includes assessing whether there are systematic processes in place for identifying, assessing, and responding to risks and opportunities.
  5. Linkage to Objectives and Targets: The auditor’s competence should extend to understanding how risks and opportunities are linked to the organization’s objectives and targets outlined in the management system. Auditors should assess whether the management system is effectively aligned with the organization’s strategic goals.
  6. Risk Mitigation and Response Strategies: Competent auditors should be able to evaluate the effectiveness of the organization’s risk mitigation and response strategies. This involves assessing whether the organization has implemented appropriate controls and actions to manage identified risks and leverage opportunities.
  7. Monitoring and Review of Risks and Opportunities: Auditors should assess the organization’s processes for ongoing monitoring and review of risks and opportunities. This includes evaluating the frequency and effectiveness of risk assessments and the mechanisms in place to update risk profiles as circumstances change.
  8. Communication and Reporting: Effective communication is crucial. Auditors should assess how well the organization communicates information about risks and opportunities to relevant stakeholders, including internal and external parties. This includes considering transparency and clarity in reporting.
  9. Training and Awareness: Auditors should evaluate the organization’s efforts in training and creating awareness among employees regarding risks and opportunities. This includes assessing whether there is a shared understanding of risk management principles throughout the organization.
  10. Adaptability and Flexibility: Given that risks and opportunities are dynamic, auditors should be adaptable and flexible in their approach. This involves assessing whether the organization has mechanisms in place to adapt its risk management strategies in response to changing circumstances.

In summary, an auditor’s competence in understanding and assessing the types and levels of risks and opportunities addressed by the management system is crucial for ensuring the organization’s resilience, compliance, and overall effectiveness. It enables auditors to provide valuable insights into the organization’s risk and opportunity management processes during the audit.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the objectives and extent of the audit programme should be considered. An auditor’s competence in understanding the objectives and extent of the audit program is crucial for the success of the audit. Here are key considerations regarding the auditor’s knowledge and skills in this context:

  1. Understanding Audit Objectives: Competent auditors should have a clear understanding of the specific objectives of the audit. This involves knowing the purpose of the audit, whether it’s focused on compliance, performance improvement, risk management, or a combination of these objectives.
  2. Alignment with Organizational Goals: Auditors need to comprehend how the audit objectives align with the overall goals and priorities of the organization. This ensures that the audit provides meaningful insights that contribute to the organization’s success.
  3. Scope Definition: Competence in defining the scope of the audit is essential. Auditors should be able to determine the boundaries of the audit, identifying the processes, functions, and areas within the organization that will be covered.
  4. Risk-Based Approach: A risk-based approach to auditing involves focusing efforts on areas of higher risk or significance. Auditors should be skilled in applying a risk-based methodology to determine the extent of audit procedures, ensuring that resources are allocated where they are most needed.
  5. Comprehensive Planning: Competent auditors excel in audit planning. This includes developing a comprehensive audit plan that outlines the audit objectives, scope, methodology, resources required, and a timeline for completion.
  6. Audit Program Development: Auditors should have the ability to develop a detailed audit program that outlines the specific procedures and tests to be performed. This program should be tailored to address the identified risks and objectives of the audit.
  7. Resource Allocation: Understanding how to allocate resources effectively is a key skill. This involves determining the appropriate mix of personnel, time, and technology to conduct the audit in a thorough and efficient manner.
  8. Data Collection Methods: Competent auditors should be skilled in selecting and applying appropriate data collection methods. This includes knowing when to use interviews, document reviews, observations, and data analytics to gather relevant audit evidence.
  9. Evidence Evaluation: Auditors need to be proficient in evaluating the sufficiency and appropriateness of audit evidence. This involves assessing the reliability of information gathered and ensuring that it supports the audit conclusions.
  10. Communication of Audit Findings: Effective communication is crucial. Auditors should be skilled in presenting audit findings, conclusions, and recommendations in a clear and concise manner. This includes tailoring the communication to various stakeholders, including management and regulatory bodies.

In summary, an auditor’s competence in understanding the objectives and extent of the audit program is foundational to a successful audit. This knowledge and skill set ensure that the audit is well-planned, focused on the organization’s priorities, and capable of delivering valuable insights to stakeholders.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to the uncertainty in achieving audit objectives should be considered. An auditor’s competence in understanding and managing uncertainty is crucial for a successful audit. Here are key considerations regarding the auditor’s knowledge and skills related to the uncertainty in achieving audit objectives:

  1. Risk Management Expertise: Auditors should possess a strong understanding of risk management principles. This involves recognizing and assessing the uncertainties associated with the audit process and the auditee’s operations. Competent auditors can identify, analyze, and respond to risks that may impact the achievement of audit objectives.
  2. Risk-Based Audit Approach: Competent auditors apply a risk-based approach to audits. They assess the likelihood and impact of various risks on audit objectives, allowing them to prioritize audit efforts and resources where the risks are higher.
  3. Critical Thinking and Professional Judgment: Auditors need critical thinking skills to analyze complex situations and exercise professional judgment in uncertain circumstances. This includes the ability to make informed decisions when faced with incomplete or ambiguous information.
  4. Adaptability and Flexibility: Uncertainty may arise from unexpected changes or developments. Auditors should be adaptable and flexible, adjusting their audit approach and procedures as needed in response to changing circumstances.
  5. Scenario Planning: Competent auditors may engage in scenario planning, anticipating potential challenges or unexpected events that could impact the audit. This proactive approach helps auditors be better prepared to navigate uncertainties.
  6. Communication Skills: Effective communication is essential in managing uncertainty. Auditors need to communicate clearly with auditee management, stakeholders, and audit team members about the uncertainties inherent in the audit process and any potential impact on audit outcomes.
  7. Contingency Planning: Auditors should develop contingency plans to address unforeseen challenges or disruptions that may arise during the audit. This includes having alternative audit procedures in place and being prepared to adjust timelines if necessary.
  8. Understanding the Auditee’s Environment: A deep understanding of the auditee’s industry, business model, and operational environment is crucial. This knowledge helps auditors anticipate industry-specific risks and challenges that may introduce uncertainty into the audit process.
  9. Continuous Learning: Auditors need to engage in continuous learning to stay informed about emerging risks and changes in the business environment. This ongoing professional development helps auditors adapt their skills and knowledge to address evolving uncertainties.
  10. Collaboration and Teamwork: Uncertainties may be better managed through effective collaboration within the audit team. Competent auditors foster a collaborative environment where team members can share insights, expertise, and potential solutions to address uncertainties.

In summary, an auditor’s competence in managing uncertainty is essential for navigating the dynamic and complex landscape of audit engagements. This includes recognizing risks, adapting to changing circumstances, and employing effective communication and problem-solving skills to ensure the successful achievement of audit objectives.

In deciding the necessary competence for an audit, an auditor’s knowledge and skills related to other requirements, such as those imposed by the audit client or other relevant interested parties, where appropriate.should be considered. An auditor’s competence should extend to understanding and addressing other requirements imposed by the audit client or relevant interested parties. Here are key considerations regarding the auditor’s knowledge and skills related to these additional requirements:

  1. Client-Specific Requirements: Auditors should be familiar with any specific requirements set by the audit client. This may include industry-specific standards, contractual obligations, or unique expectations that the client has for the audit process.
  2. Legal and Regulatory Compliance: Competent auditors must be knowledgeable about the legal and regulatory requirements applicable to the audit client. This involves staying informed about changes in laws and regulations that may impact the client’s operations and financial reporting.
  3. Understanding Stakeholder Expectations: Auditors should be attuned to the expectations of relevant interested parties, such as shareholders, regulators, or industry groups. This understanding helps auditors align their procedures with broader stakeholder concerns.
  4. Communication and Relationship Management: Effective communication is crucial for understanding and addressing client-specific requirements. Competent auditors should have strong interpersonal skills to engage with the audit client and relevant interested parties, fostering a positive and collaborative relationship.
  5. Ethical Considerations: Auditors must adhere to ethical principles and professional standards. Competence in ethical decision-making is essential, especially when faced with situations that may involve conflicts of interest or ethical dilemmas related to client requirements.
  6. Confidentiality Management: Auditors need to be skilled in managing confidentiality requirements imposed by the audit client or other stakeholders. This includes safeguarding sensitive information and ensuring compliance with confidentiality agreements.
  7. Customizing Audit Approach: Each audit engagement is unique, and auditors should be competent in customizing their approach to meet the specific requirements of the audit client and interested parties. This may involve tailoring audit procedures to address client-specific risks or concerns.
  8. Quality Control and Assurance: Competent auditors should be familiar with quality control and assurance requirements. This includes adherence to audit standards, internal audit policies, and any quality assurance processes established by the audit firm.
  9. Independence and Objectivity: Auditors must maintain independence and objectivity in their work. Competent auditors understand the importance of unbiased reporting and avoid situations that may compromise their independence or create conflicts of interest.
  10. Contractual Agreements: In some cases, auditors may be subject to specific contractual agreements with the audit client or other parties. Competence in contract review and compliance ensures that the audit activities align with the terms and conditions outlined in contractual agreements.

In summary, an auditor’s competence should encompass not only technical skills related to audit procedures but also a broader understanding of client-specific and stakeholder requirements. This holistic approach ensures that the audit process is not only technically sound but also aligned with the expectations and obligations set by the audit client and other relevant interested parties.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply