Becoming an Auditor - A guide through the jungle of myths and training offers

Jun 15 2022

How do I become an auditor? What training do I need?  Do I have the necessary qualifications? And what is the difference between first, second- and third-party auditor?

If you are faced with similar questions, or perhaps as a human resources manager or managing director you are thinking about the qualification of auditors or suspect that you are not yet utilizing the full potential of audits, we would like to give you an overview with our technical article.


The managing director of a medium-sized company greeted me during an audit with the words "So you are our auditor. I would like to have a job like that someday. Drinking coffee all day and asking funny questions". What was expressed in a joking manner meets a widespread view of what constitutes the job of an auditor.

We often receive completely different feedback from participants in our auditor training courses: "I didn't know how strenuous auditing is. Knowing the standard requirements, formulating questions, actively listening, taking notes, recognizing deviations, and remaining friendly when the person you are talking to doesn't feel like auditing... And all this at the same time, i.e., in multitasking mode".

Sometimes the requirements for (internal) auditors are underestimated, they are not sufficiently prepared, qualified, and continuously trained. Lone warriors do not get sufficient professional feedback and are left alone with problems.

Yet audits are an important instrument for

2nd Party Audits
  • detecting ineffective and non-compliant processes (i.e., identify failure costs)
  • identifying possible future risks and improvement potentials
  • detecting non-compliance with legal requirements (i.e., minimize liability risks).

Instead, they are sometimes seen as a chore (especially on the side of the audited areas) that "you have to do for the external audit, but actually contribute nothing and cost a lot." 

Yes, audits are an investment. But what companies gain from them is determined by the quality of the audits and the auditors. Poorly planned and executed audits, on the other hand, cost money because they add no value except formal compliance with a standard requirement.


There are different types of audits, distinguishing between the following two questions: What is being audited? Which target group is being audited?

#WeAreHereForYou – Durchführung von Zertifizierungsaudits in Zeiten von Corona
  • Product audits: Here, the conformity of the product quality is audited.

  • Process audits: Processes are audited for compliance with specifications, standard and legal requirements, as well as their effectiveness (Effectiveness: Are we achieving our intended goals?).
  • System audits: The management system is checked for compliance with a standard (e.g. ISO 9001, ISO 14001, ISO 27001) and the self-formulated policies, goals and obj

Depending on the structure of the management system, these system audits can be performed based on at least one management system standard (e.g. ISO 9001 for quality management, ISO 45001 for occupational health and safety management). If at least 2 standards are used at the same time, we speak of so-called integrated audits, i.e., the auditor evaluates compliance with the requirements of all applicable standards and associated legal requirements.


  • In the own company (internal audits or also first party audits).
  • At suppliers (supplier audits or second party audits)

  • As an independent third party at other companies (third party audits).

Is everyone allowed to audit everything?


Companies with implemented management systems need internal auditors and, for supply chain assurance, also auditors who are involved in supplier selection and qualification, i.e., 1st and 2nd party auditors.

What qualifications should they have? Chapter 7 of ISO 19011:2018 "Guidance for auditing management systems" provides a good orientation.


"Auditors should have the following:

  1. the knowledge and skills necessary to achieve the intended objectives of the audits

  2. general competence and some degree of discipline and industry specific knowledge and skills.

Audit team leaders should have the additional knowledge and skills necessary to lead the audit team."

Detailed requirements are outlined in the remaining sections of the chapter.
Briefly summarized, it can be said that internal auditors must have the following competencies:

  • Knowledge of standards
  • Knowledge of applicable legal and regulatory requirements
  • Process and organizational knowledge
  • Audit methodology, processes
  • Social skills (e.g. interviewing, conflict management, time management)

  • Solid personality ("standing").

Auditors who lead and guide (internal) audit teams also need the appropriate leadership skills.

For audits by "independent third parties", knowledge of ISO 17021 is also required.

Independent of the personal vocation of an auditor, several technical and methodological skills are expected. And these must be maintained, e.g. through further training, exchange of experience etc.

We strongly recommend the acquisition of knowledge of standards and law, e.g. through external training. Reading a standard, laws or books is not a substitute for learning how to interpret them from experienced auditors and trainers, only a supplement. Audit methodology also cannot be learned by reading about it, but by gaining experience, applying it in the protected setting of a training course, and receiving ongoing feedback from other auditors and/or mentors. Social skills can be enhanced, if necessary, through interviewing and conflict management training. Good auditor training already includes these aspects.


A tip for HR managers, managing directors and those responsible for management positions

Auditors acquire skills that are quite relevant for possible management positions, e.g.

Kundenspezifische Audits
  • Understanding of processes and organization

  • Knowledge of law and standards, especially regarding the responsibility of management in the context of management system

  • Methodical and social skills, e.g., acquiring and retaining the ability to lead discussions, dealing with conflicts and difficult situations, time management.

Temporary work as an auditor is also an opportunity for personnel development, especially for junior managers who "still have to prove themselves" before they grow into a management position. 


If we come back to the question of whether everyone can and should audit everything, our clear answer is: NO. And this no is not only derived from the guideline ISO 19011 but mainly from business points of view. A success factor for effective and efficient audits of management systems or suppliers are trained auditors with knowledge of standards and law as well as strong social skills. If these are missing, this can lead to important aspects of their management system, compliance with legal requirements not being assessed and identified as a risk. In the worst case, this can be not only expensive but also unpleasant in terms of liability. The acceptance of management systems and the corporate culture can be promoted through targeted and well-managed audits. Audit skills are also a possible building block as a personnel development tool.

Time for action? Make the competence check and audits an instrument for your company's success.

Do you have questions?
Contact us