Why training your Internal Auditors matters

Internal Auditor Training

ISO Standards require competence and that includes your Internal Auditors

All the ISO Management System Standards (MSS) since 2010 (adopting the High-level Structure- HLS) require that personnel be competent in their work.  So, while there are no specific requirements in these Standards for internal auditor training courses to be given, there is an implicit requirement that they be competent. 

And Guidelines for Auditing Management Systems as set out in ISO 19011 (see below) list many areas of knowledge and skill that auditors need.

The Risks and Opportunities you need to be aware of:

Auditing against Procedure alone is only half the job!

Historically, it has been common practice for CAB (external) Auditors to accept internal audit programmes based solely on auditing Procedures.  With the HLS, this practice is changing.  There are now several areas of MSS requirements where written procedures are unlikely to exist.

Here there is a need for solid evidence of these requirements having been audited (e.g. Context of the Organization, the needs and expectations of interested parties, Planning activities, adequate Support/Resource activities, etc.).  Internal auditors will need to produce credible Audit Reports in these areas.

Unknown number on Non-compliances left to be found by External AuditorsWhat is Certified Auditor Training

Untrained auditors will often walk past non-conformances (sometimes literally) and leave then to be found when next you have a CAB Audit.  These are surprises you can do without.

Unknown number on Non-compliances left to be found during Customer Audits

These same ‘missed’ non-conformances are there also when Customers and prospective Customers come to audit your operations.  How much business are you going to forego?  Will it cost you your job?

Opportunities for money-saving improvements missed

The occasion of an internal audit, where your auditors are interviewing staff members, is an ideal one on which to ask about: what needs improving, what should we be doing better? what changes would make like easier and work more efficient?

And this can be done without any extra cost with the information coming directly from those who do the actual work, and arguably best placed to suggest changes/improvements.

What the ISO Guidelines on Auditing say:

ISO 19011:2011, The Guidelines for Auditing Management Systems, in addressing auditor competence, sets out three areas where knowledge and skills are required, namely,

  1. Audit principles, procedures and techniques
  3. Management system and reference documents
  5. Applicable legal and other requirements that apply to the auditee to enable the auditor to work within, and be aware of, the organization’s legal and contractual requirements.


Be a Certified Internal Auditor

Relating to the first of these it states:

“Auditors should have knowledge and skills in the following areas:

a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different audits and ensure that audits are conducted in a consistent and systematic manner. An auditor should be able:
  • to apply audit principles, procedures, methods and techniques;
  • to plan and organize the work effectively;
  • to conduct the audit within the agreed time schedule;
  • to prioritize and focus on matters of significance;
  • to collect information through effective interviewing, listening, observing and reviewing documents, records and data;
  • to understand the appropriateness and consequences of using sampling techniques for auditing;
  •  to verify the accuracy of collected information;
  • to confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions;
  • to assess those factors that may affect the reliability of the audit findings and conclusions;
  • to use work documents to record audit activities;
  • to prepare audit reports;
  • to maintain the confidentiality and security of information; 
  • to communicate effectively, orally and in writing (including provisions for use of interpreters and translators);
  • to understand the types of risks associated with auditing.”

How well do your internal auditors match these requirements?


The Answer: Formal Training and a Development Program for your Auditors

For details of the ISO Auditor Online Training options we have available online, please visit our

Online Internal Auditor Training overview,

There are also more targeted options.

monthly email sign-up

Related Articles


Written by Dr John FitzGerald

Director and founder of deGRANDSON Global. After 15 years in the manufacturing industry, John has spent the past 25 years training, consulting and auditing ISO 9001 and other management systems.

Subscribe to Email Updates


Recent Posts

Posts by Topic