How do I become an auditor? What training do I need? Do I have the necessary qualifications? And what is the difference between first, second- and third-party auditor?
If you are faced with similar questions, or perhaps as a human resources manager or managing director you are thinking about the qualification of auditors or suspect that you are not yet utilizing the full potential of audits, we would like to give you an overview with our technical article.
VIEWS ON AUDITORS AND THEIR IMPORTANCE IN THE COMPANY
The managing director of a medium-sized company greeted me during an audit with the words "So you are our auditor. I would like to have a job like that someday. Drinking coffee all day and asking funny questions". What was expressed in a joking manner meets a widespread view of what constitutes the job of an auditor.
We often receive completely different feedback from participants in our auditor training courses: "I didn't know how strenuous auditing is. Knowing the standard requirements, formulating questions, actively listening, taking notes, recognizing deviations, and remaining friendly when the person you are talking to doesn't feel like auditing... And all this at the same time, i.e., in multitasking mode".
Sometimes the requirements for (internal) auditors are underestimated, they are not sufficiently prepared, qualified, and continuously trained. Lone warriors do not get sufficient professional feedback and are left alone with problems.
Yet audits are an important instrument for
Instead, they are sometimes seen as a chore (especially on the side of the audited areas) that "you have to do for the external audit, but actually contribute nothing and cost a lot."
Yes, audits are an investment. But what companies gain from them is determined by the quality of the audits and the auditors. Poorly planned and executed audits, on the other hand, cost money because they add no value except formal compliance with a standard requirement.
TYPES OF AUDITS
There are different types of audits, distinguishing between the following two questions: What is being audited? Which target group is being audited?
Depending on the structure of the management system, these system audits can be performed based on at least one management system standard (e.g. ISO 9001 for quality management, ISO 45001 for occupational health and safety management). If at least 2 standards are used at the same time, we speak of so-called integrated audits, i.e., the auditor evaluates compliance with the requirements of all applicable standards and associated legal requirements.
THESE AUDITS CAN BE CARRIED OUT
- In the own company (internal audits or also first party audits).
-
At suppliers (supplier audits or second party audits)
-
As an independent third party at other companies (third party audits).
Is everyone allowed to audit everything?
REQUIREMENTS FOR AUDITORS
Companies with implemented management systems need internal auditors and, for supply chain assurance, also auditors who are involved in supplier selection and qualification, i.e., 1st and 2nd party auditors.
What qualifications should they have? Chapter 7 of ISO 19011:2018 "Guidance for auditing management systems" provides a good orientation.
HERE, 7.2.3.1 STATES.
"Auditors should have the following:
the knowledge and skills necessary to achieve the intended objectives of the audits
general competence and some degree of discipline and industry specific knowledge and skills.
Audit team leaders should have the additional knowledge and skills necessary to lead the audit team."
Detailed requirements are outlined in the remaining sections of the chapter.
Briefly summarized, it can be said that internal auditors must have the following competencies:
- Knowledge of standards
- Knowledge of applicable legal and regulatory requirements
- Process and organizational knowledge
- Audit methodology, processes
-
Social skills (e.g. interviewing, conflict management, time management)
-
Solid personality ("standing").
Auditors who lead and guide (internal) audit teams also need the appropriate leadership skills.
For audits by "independent third parties", knowledge of ISO 17021 is also required.
Independent of the personal vocation of an auditor, several technical and methodological skills are expected. And these must be maintained, e.g. through further training, exchange of experience etc.
We strongly recommend the acquisition of knowledge of standards and law, e.g. through external training. Reading a standard, laws or books is not a substitute for learning how to interpret them from experienced auditors and trainers, only a supplement. Audit methodology also cannot be learned by reading about it, but by gaining experience, applying it in the protected setting of a training course, and receiving ongoing feedback from other auditors and/or mentors. Social skills can be enhanced, if necessary, through interviewing and conflict management training. Good auditor training already includes these aspects.
WHICH OF OUR BUREAU VERITAS TRAININGS IS THE RIGHT FIT FOR YOU AND YOUR AUDITORS?
A tip for HR managers, managing directors and those responsible for management positions
Auditors acquire skills that are quite relevant for possible management positions, e.g.
Summary
If we come back to the question of whether everyone can and should audit everything, our clear answer is: NO. And this no is not only derived from the guideline ISO 19011 but mainly from business points of view. A success factor for effective and efficient audits of management systems or suppliers are trained auditors with knowledge of standards and law as well as strong social skills. If these are missing, this can lead to important aspects of their management system, compliance with legal requirements not being assessed and identified as a risk. In the worst case, this can be not only expensive but also unpleasant in terms of liability. The acceptance of management systems and the corporate culture can be promoted through targeted and well-managed audits. Audit skills are also a possible building block as a personnel development tool.