Auditors are those people who get to the battlefield after it is over and then stab the wounded
- April 7th, 2008
Does that describe your auditors (internal of external) that you are employing? We have such a problem with auditors in industry currently in South Africa. Common problems experienced by organizations include:
- Auditors not registered with SAATCA or IRCA (International Registrar for Certified Auditors)
- Auditors not following the ISO19011 auditing guidelines
- Auditors not competent in terms of qualifications and experience
- Auditors auditing in a field which they are not competent in (eg. health & safety auditors auditing environment because it looks similar and easy)
- Auditors being unprofessional (arriving late, handing in 4-page audit reports or the client having to beg three months later to get hold of the audit report)
- Auditors not knowing how to compile an audit report according to international audit report writing principles
The list is endless. Let us have a look at the ISO19011: 2002 guidelines for auditors. This document gives the foundation of who, what and how an auditor should be, do and act as well as the framework for doing a systematic audit from A to Z.
The principles of auditing are:
• Ethical Conduct: The foundation of professionalism – Trust, integrity, confidentiality & discretion
• Fair Presentation: The obligation to report truthfully & accurately – Audit findings, conclusions & reports are reflected truthfully & obstacles & unresolved opinions are reported
• Due Professional Care: The application of diligence & judgement in auditing – Care with their task & confidentiality
• Independence: The basis for the impartiality of the audit & objectivity of the audit conclusions – Independence & free from bias & conflict of interest
• Evidence-based Approach: The rational method for reaching reliable & reproducible audit conclusions in a systematic audit process – Verifiable & based on samples
The ISO19011 guideline then gives further information regarding the competency of an auditor and lead auditor (Adapted from Table 1, Page 27 of ISO19011).
A further checking tool is to look at the registered auditors on the SAATCA (South African Auditing and Training Certification Body) website www.saatca.co.zaTo be registered as such an auditor a strict protocol is maintained which include the above ISO19011 criteria as well as the handing in of a comprehensive CV of the prospective auditors, the continual professional development you have done over the past year, sponsor reports and a report on your professional abilities. Then the SAATCA board sits and decides if they would allow you to be registered under their name. It is quite a process but well worth it. Remember: the easier it is to be accepted as an auditor at other institutions the more you need to ask yourself if this “status” will benefit you as an individual and what credibility this qualification will have in the market place?
Before you have an audit done on your site, verify the auditor status, competency and registrations against the SAATCA database to ensure you are getting a competent individual to audit your organization.
ISO19011 also identifies the systematic approach to be followed in the auditing process (Adapted from ISO19011, Page 10):
1. Initiating the audit
- appointing the audit team leader- defining audit objectives, scope and criteria- determining the feasibility of the audit- selecting the audit team- establishing initial contact with auditee
2. Conducting document review
- reviewing relevant management system documents, including records, and determining their adequacy with respect to audit criteria
3. Preparing for the on-site audit activities
- preparing the audit plan- Assigning work to the audit team- Preparing work documents
4. Conducting on-site audit activities
- conducting opening meeting- communication during the audit- roles and responsibilities of guides and observers- collecting and verifying information- generating audit findings- preparing audit conclusions- conducting closing meetings
5. Preparing, approving and distributing the audit report
- preparing the audit report- approving and distributing the audit report
6. Completing the audit
7. Conducting audit follow-up
Is this process followed by your auditors? If not you need to investigate why the audit is not done according to international guidelines.
6 Responses to “Auditors are those people who get to the battlefield after it is over and then stab the wounded”
Leave a Reply
The Value Of Mini Risk Assessments
This article first appeared in the Health & Safety At Work magazine in December 2008. …
May 15th, 2009 & Filed in Health & SafetyIntegrating Quality Management Into Shopfloor Procedures
ISO9001:2008 is all about Quality Management. In order to have a successfully implemented Quality Management System (ISO9001: 2008) a team effort is needed.
This means that everybody in the organization has …
March 16th, 2009 & Filed in Management SystemsContractors Health & Safety File Explained
Health and Safety files are a contentious issue. I’m referring to the Safety files that are expected to be compiled, maintained and available by the contractor/sub-contractor. The average contractor views …
February 18th, 2009 & Filed in Health & SafetyQuality Management Systems: Charting the Journey
Quality Management Systems have a few pre-requisites. You need to understand them before you can get down to developing or evaluating any Quality Management System (QMS).
Sequencing is important and cross-checks …
November 12th, 2008 & Filed in Management Systems
May 19th, 2008 at 8:46 am
For an audit to be effective it must add value to the organisation. This can only be achieved if :
the auditor is competent
the auditee is open
the evidence is objective
the auditor is supportive and not policing.
Findings and continuous improvements are well defined.
Reports of the audit is comprehensive and clear.
November 7th, 2008 at 11:26 am
Hi
I have a small question that maybe you can help with.I did ISO 9001 emplemetion course in 2005 and currently responsible for all qa functions at my work place but would like to further my auditing qualification. Do you know if there is any specific cause that i can do. Currently studying TQM attended the lecture you recently presented at Unisa
November 10th, 2008 at 8:45 am
Hallo Percy
The next step in the career-path development is to do the Integrated SHEQ Auditors course followed by the Moody International/IRCA course. Both are offered by Advantage ACT. Looking forward to seeing you there. Look at your inbox to see the information docs on each.
Regards
Christel
February 5th, 2009 at 1:49 pm
Very informative. The systemic approach in auditing process will help me prepare for our audits.
Question: what should be included in an internal audit programme?
May 15th, 2009 at 9:18 am
Hi Christel
I am a safety consultant for professional consulting company in the construction industry(building). My question is, may i do audits on contractors even though i dont have a auditors accreditation. I have only samtrac and hira but i do have experiance in auditing from previous work that i did??
May 15th, 2009 at 2:20 pm
Hi Lourens
Thank you for the feedback. The issue is one of competency and proving it. Should something go worng - how would you proof to a court of law that you were the most competent person to do the audit? ?You can maybe proove experience, but knowledge? If your company is an ISO/OHSAS certified company you may not audit unless you have met the requirements of ISO19011 page 27 table 1. It basically boils down to a 40 hour theoretical course and 120 hours of auditing experience and 5 years of working experience. I hope this helps. Regards Christel.