ISO Standards require competence and that includes the competency of your Internal Auditors
All the ISO Management System Standards (MSS) since 2010 (adopting the High-level Structure- HLS) require that personnel be competent in their work. So, while there are no specific requirements in these Standards for internal auditor training courses to be given, there is an implicit requirement that they be competent.
And Guidelines for Auditing Management Systems as set out in ISO 19011 (see below) list many areas of knowledge and skill that auditors need.
The four Risks and Opportunities you need to be aware of:
When you address internal audit requirements with untrained audit program managers and/or untrained internal auditors, here are the significant risks you run ...
1. Auditing against Procedure alone is only half the job!
Historically, it has been common practice for CAB (external) Auditors to accept internal audit programmes based solely on auditing Procedures. With the HLS, this practice has changed. There are now several areas of MSS requirements where written procedures are unlikely to exist.
Here there is a need for solid evidence of these requirements having been audited (e.g. Context of the Organization, the needs and expectations of interested parties, Planning activities, adequate Support/Resource activities, etc.). Internal auditors will need to produce credible Audit Programs and Audit Reports in these areas.
Untrained auditors will often walk past non-conformances (sometimes literally) and leave them to be found when next you have a CAB Audit. These are surprises you can do without. Are Major Noncompliances going to cost your business its ISO Certification?
3. Unknown number on Non-compliances left to be found during Customer Audits
These same ‘missed’ non-conformances are there also when Customers and prospective Customers come to do a Supplier Audit of your operations. How much business are you going to forego? Will it cost you your job?
4. Opportunities for money-saving improvements missed
The occasion of an internal audit, where your auditors are interviewing staff members, is an ideal one on which to ask about: what needs improving? what should we be doing better? what changes would make like easier and work more efficient?
And this can be done without any extra cost with the information coming directly from those who do the actual work, and arguably best placed to suggest changes/improvements.
What the ISO Guidelines on Auditing say:
ISO 19011:2011, The Guidelines for Auditing Management Systems, in addressing auditor competence, sets out three areas where knowledge and skills are required, namely,
- Audit principles, procedures and techniques
- Management system and reference documents
- Applicable legal and other requirements that apply to the auditee to enable the auditor to work within, and be aware of, the organization’s legal and contractual requirements.
Relating to the first of these it states:
“Auditors should have knowledge and skills in the following areas:a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different audits and ensure that audits are conducted in a consistent and systematic manner. An auditor should be able:
- to apply audit principles, procedures, methods and techniques;
- to plan and organize the work effectively;
- to conduct the audit within the agreed time schedule;
- to prioritize and focus on matters of significance;
- to collect information through effective interviewing, listening, observing and reviewing documents, records and data;
- to understand the appropriateness and consequences of using sampling techniques for auditing;
- to verify the accuracy of collected information;
- to confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions;
- to assess those factors that may affect the reliability of the audit findings and conclusions;
- to use work documents to record audit activities;
- to prepare audit reports;
- to maintain the confidentiality and security of information;
- to communicate effectively, orally and in writing (including provisions for use of interpreters and translators);
- to understand the types of risks associated with auditing.”
How well do your internal auditors match these requirements?
The Answer: Formal Training and a Development Program for your Auditors
For details of the ISO Auditor Online Training options we have available online, please visit our
Online Internal Auditor Training overview,
There are also more targeted options.
- For Auditors with knowledge of the Standard but poor auditing skills, see Internal Auditor Skills Training to ISO 19011.
- For Auditors with good auditing skills but lack knowledge of the Standard, see our Extension Programs
- For skilled Auditors requiring knowledge of new or revised Standards, see Conversion Programs
- For skilled auditors who want to combine certification for two standards, see Integrated Management System (IMS) courses.
Note: This post was first published in Apr 2018; revised and updated in Jun 2021.