What should you look for in an auditor so that their work is effective and able to add value to your business? A good idea is to start with the six principles that underlie the work of this type of professional and that are presented in ISO 19011 - Guidelines for auditing management systems.
The first four principles refer to the auditor, while the last two refer to the audit:
- Integrity: is the foundation of an auditor's professionalism, the basis for building a relationship of trust with the client and guaranteeing the reliability of their professional judgment;
- Fair presentation: this principle is based on the obligation to report truthfully and accurately both the findings and any discrepancies with respect to what was expected;
- Due professional care: particular care and diligence must be taken in giving a judgment in the context of an audit. Audit activities must be reflected truthfully through the evidence found;
- Confidentiality: this principle serves to ensure that the information transmitted to the auditor remains secure and confidential and is treated with discretion;
- Independence: is the basis for ensuring the impartiality of the audit and the objectivity of the conclusions reached. Auditors should be independent of the activity being audited and should in any case act in a way that is free from bias and conflicts of interest;
- Evidence-based approach: this last principle constitutes the rational method for arriving at reliable and reproducible conclusions during a systematic auditing process. Audit evidence must be verifiable and based on samples of available information.
To these six principles that were already present in ISO 19011:2012, a seventh has been added that we find in ISO 19011:2018: Risk-based approach: this approach considers risks and opportunities and should substantially influence the planning, conduct and reporting of audits, in order to ensure that the latter are focused on issues that are significant for the client of the verification and for achieving the objectives of the audit program.
The qualities and main characteristics of a good management system auditor include:
- Experience in the sector - To verify the qualifications of the auditors, it is necessary to examine the certifications obtained. However, experience is often what makes the auditor experienced in your sector. The greater the number of audits completed by the auditor, the greater the confidence he acquires in that field;
- Objective decisions - The audit report and its results should not be influenced by anyone. The actions, decisions and summary of the results of the auditor's examination should be the result of a careful analysis of the company's activities based on an approach that seeks evidence and feedback. Therefore, there should be no conflicts of interest or anything that could influence the auditor's decisions. Furthermore, the auditor should not be satisfied with unclear answers and should get to the bottom of any problem. Since the verification of management systems is a process that takes place on a sample basis, the auditor should be able to conclude a meaningful and objective summary in the report, based on what he has witnessed;
- Ability to understand the different business needs - The audit planning and preparation processes and the adaptability necessary to be able to work within various business structures are other important attributes of a good auditor;
- Time management - Adhering to the proposed schedule, attending meetings on time, soliciting feedback on the progress of the work: these characteristics are important for an effective audit;
- Effective communication skills - Clear communication during the entire audit process will create a positive working environment for both the auditee and the auditor. It is important to discuss any observations/non-conformities so that there are no surprises within the audit report.
On the other hand, if there is something that works well in the company's system, the auditor should emphasize it and recognize the excellent work. Auditors should communicate effectively by asking open questions. Then it is time to listen to the auditee's response, record the facts, look at what is happening and check the documents. It is essential to keep company information confidential throughout the entire process, as an auditor can often come across sensitive information that the company would not normally reveal.