ISO 19011:2018 - Guidelines for auditing management systems
7 Competence and evaluation of auditors
7.2 Determining auditor competence
7.2.3 Knowledge and skills
Auditors should possess:
a) the knowledge and skills necessary to achieve the intended results of the audits they are expected to perform;
b) generic competence and a level of discipline and sector-specific knowledge and skills.
Audit team leaders should have the additional knowledge and skills necessary to provide leadership to the audit team.
Auditors should have knowledge and skills in the areas outlined below.
a) Audit principles, processes and methods: knowledge and skills in this area enable the auditor to ensure audits are performed in a consistent and systematic manner.
An auditor should be able to:
- understand the types of risks and opportunities associated with auditing and the principles of the risk-based approach to auditing;
- plan and organize the work effectively;
- perform the audit within the agreed time schedule;
- prioritize and focus on matters of significance;
- communicate effectively, orally and in writing (either personally, or through the use of interpreters);
- collect information through effective interviewing, listening, observing and reviewing documented information, including records and data;
- understand the appropriateness and consequences of using sampling techniques for auditing;
- understand and consider technical experts’ opinions;
- audit a process from start to finish, including the interrelations with other processes and different functions, where appropriate;
- verify the relevance and accuracy of collected information;
- confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions;
- assess those factors that may affect the reliability of the audit findings and conclusions;
- document audit activities and audit findings, and prepare reports;
- maintain the confidentiality and security of information.
b) Management system standards and other references: knowledge and skills in this area enable the auditor to understand the audit scope and apply audit criteria, and should cover the following:
- management system standards or other normative or guidance/supporting documents used to establish audit criteria or methods;
- the application of management system standards by the auditee and other organizations;
- relationships and interactions between the management system(s) processes;
- understanding the importance and priority of multiple standards or references;
- application of standards or references to different audit situations.
c) The organization and its context: knowledge and skills in this area enable the auditor to understand the auditee’s structure, purpose and management practices and should cover the following:
- needs and expectations of relevant interested parties that impact the management system;
- type of organization, governance, size, structure, functions and relationships;
- general business and management concepts, processes and related terminology, including planning, budgeting and management of individuals;
- cultural and social aspects of the auditee.
d) Applicable statutory and regulatory requirements and other requirements: knowledge and skills in this area enable the auditor to be aware of, and work within, the organization’s requirements. Knowledge and skills specific to the jurisdiction or to the auditee’s activities, processes, products and services should cover the following:
- statutory and regulatory requirements and their governing agencies;
- basic legal terminology;
- contracting and liability.
NOTE Awareness of statutory and regulatory requirements does not imply legal expertise and a management system audit should not be treated as a legal compliance audit.
Audit teams should have the collective discipline and sector-specific competence appropriate for auditing the particular types of management systems and sectors.
The discipline and sector-specific competence of auditors include the following:
a) management system requirements and principles, and their application;
b) fundamentals of the discipline(s) and sector(s) related to the management systems standards as applied by the auditee;
c) application of discipline and sector-specific methods, techniques, processes and practices to enable the audit team to assess conformity within the defined audit scope and generate appropriate audit findings and conclusions;
d) principles, methods and techniques relevant to the discipline and sector, such that the auditor can determine and evaluate the risks and opportunities associated with the audit objectives.
In order to facilitate the efficient and effective conduct of the audit an audit team leader should have the competence to:
a) plan the audit and assign audit tasks according to the specific competence of individual audit team members;
b) discuss strategic issues with top management of the auditee to determine whether they have considered these issues when evaluating their risks and opportunities; c) develop and maintain a collaborative working relationship among the audit team members; d) manage the audit process, including:
- making effective use of resources during the audit; - managing the uncertainty of achieving audit objectives;
- protecting the health and safety of the audit team members during the audit, including ensuring compliance of the auditors with the relevant health and safety, and security arrangements; - directing the audit team members;
- providing direction and guidance to auditors-in-training;
- preventing and resolving conflicts and problems that can occur during the audit, including those within the audit team, as necessary. e) represent the audit team in communications with the individual(s) managing the audit programme, the audit client and the auditee; f) lead the audit team to reach the audit conclusions; g) prepare and complete the audit report. When auditing multiple discipline management systems, the audit team member should have an understanding of the interactions and synergy between the different management systems. Audit team leaders should understand the requirements of each of the management system standards being audited and recognize the limits of their competence in each of the disciplines. NOTE Audits of multiple disciplines done simultaneously can be done as a combined audit or as an audit of an integrated management system that covers multiple disciplines. . Copyright © 2021 OSH ISIS