Module 5: Auditor Competence – Knowledge, Skills, and Attributes for Effective OH&S Auditing #

Auditor Competency #

To effectively fulfill their roles, lead auditors must possess a comprehensive set of knowledge and skills as outlined in ISO 19011:2018. This standard provides guidance on auditing management systems, emphasizing the competence requirements for auditors. Below is an extensive overview of the essential knowledge and skills required for lead auditors:

1. Personal Attributes #

Lead auditors should exhibit personal behaviors that enable them to act ethically and professionally:

1. Ethical, i.e. fair, truthful, sincere, honest and discreet;
2. Open-minded, i.e. willing to consider alternative ideas or points of view;
3. Diplomatic, i.e. tactful in dealing with people;
4. Collaborative, i.e. effectively interacting with others;
5. Observant, i.e. actively aware of physical surroundings and activities;
6. Perceptive, i.e. instinctively aware of and able to understand situations;
7. Versatile, i.e. adjusts readily to different situations;
8. Tenacious, i.e. persistent and focused on achieving objectives;
9. Decisive, i.e. reaches timely conclusions based on logical reasoning and analysis;
10. Self-reliant, i.e. acts and functions independently;
11. Professional, i.e. exhibiting a courteous, conscientious and generally business-like demeanor in the workplace;
12. Morally courageous, i.e. willing to act responsibly and ethically even though these actions may not always be popular and may sometimes result in disagreement or confrontation;
13. Organized, i.e. exhibiting effective time management, prioritization, planning, and efficiency..

2. Knowledge and Skills #

a. Knowledge of Business Management Practices: #

Understanding general organizational types, governance, structures, workplace practices, information and data systems, documentation systems, and information technology.

b. Audit Principles, Procedures, and Techniques #

Lead auditors should have a thorough understanding of audit principles and be proficient in applying audit procedures and techniques, including:

• Audit Planning: Developing audit plans that align with audit objectives.
• Audit Execution: Conducting audits systematically, including collecting and verifying information.
• Audit Reporting: Preparing clear and concise audit reports.
• Follow-up Activities: Monitoring the implementation of audit recommendations.

c. Management System Standards and Reference Documents #

Comprehension of the management system standard or other normative documents specified for certification, sufficient to determine effective implementation and conformity about the specific management system standards relevant to the audit, such as:

• ISO 9001: Quality Management Systems.
• ISO 14001: Environmental Management Systems.
• ISO 45001: Occupational Health and Safety Management Systems.
• ISO/IEC 27001: Information Security Management Systems.

They should also be familiar with applicable legal and regulatory requirements.

d. Knowledge of Certification Body’s Processes: #

To effectively fulfill their role, a management system auditor must do more than understand the ISO standard being audited (e.g., ISO 9001, ISO 14001, ISO 45001); they must also have a working knowledge of how their certification body (CB) operates.

This includes understanding the full certification process and procedures, from initial client engagement to audit planning, execution, reporting, and decision-making. Each certification body has documented procedures aligned with ISO/IEC 17021-1 and other applicable IAF/ISO documents. Auditors must be competent in applying these procedures consistently.

e. Knowledge of Client’s Business Sector: #

Understanding the client’s business sector enables auditors to:

• Accurately interpret how sector-specific processes align with management system requirements.
• Identify sector-related risks and opportunities that may impact the effectiveness of the management system.
• Assess compliance with applicable legal and regulatory requirements pertinent to the sector.
• Evaluate the adequacy of sector-specific controls and performance metrics.

IAF Requirements and Guidance #

IAF ID 1:2023 – Informative Document for QMS and EMS Scopes of Accreditation

IAF ID 1:2023 provides guidance on defining scopes of accreditation for Quality Management Systems (QMS) and Environmental Management Systems (EMS). It underscores the necessity for auditors to have competence in the specific industry sectors they audit, ensuring they can effectively assess sector-specific processes and environmental aspects.

IAF MD 22:2023 – Application of ISO/IEC 17021-1 for OH&SMS Certification

IAF MD 22:2023 emphasizes that certification bodies must ensure auditors have sector-specific knowledge relevant to the scope of the Occupational Health and Safety Management System (OH&SMS) being audited. This includes understanding industry-specific hazards, risk controls, and legal requirements..

f. Knowledge of Client Products, Processes, and Organization: #

Insight into the types of products or processes of a client to understand organizational operations and application of management system requirements.

• Understand the organization’s core products and services, processes needed and their interactions, and how they are delivered or produced.
• Identify the key internal and external issues that influence the organization’s ability to consistently deliver intended results.
• Recognize the interested parties relevant to the organization and how their expectations affect product and process requirements.
• Interpret how the organization determines and applies the scope of its QMS in relation to its product lines and operational boundaries.
• Be familiar with the complete process flow—from customer requirements, design and development (if applicable), procurement, production/service delivery, to final release.
• Assess how risks and opportunities related to products and processes are identified and planned for within the management system.
• Evaluate how the organization’s quality objectives are linked to its products, services, and operational performance.
• Understand how product specifications, technical requirements, and performance indicators are managed within the QMS.
• Analyze how controls are applied to ensure conformity of products and services during production, service delivery, and after-sales processes.
• Evaluate the handling of outsourced processes and supplier controls related to product and service realization.
• Examine how nonconforming outputs are managed, including criteria for product release and corrective action.
• Understand the organization’s structure, resources, and responsibilities that support the consistent application of QMS requirements to its products and operations.
• Apply a process-based audit approach that connects documented procedures and QMS controls directly to the actual production or service provision.

g. Organizational Context #

Understanding the auditee’s organizational context is crucial, including:

• Organizational Structure and Processes: Comprehending how the organization operates.
• Business Environment: Recognizing external factors that affect the organization.
• Risk Management: Identifying and assessing risks relevant to the audit.

h. Applicable Laws, Regulations, and Other Requirements #

Lead auditors should be aware of and understand the legal and regulatory frameworks applicable to the auditee’s operations, ensuring audits consider compliance obligations.

i. Customer Requirements #

Recognizing and evaluating how the organization meets customer requirements is essential, particularly in quality management system audits.

3. Skills #

a. Interpersonal Skills #

Effective communication and interpersonal skills are vital for lead auditors to:

• Conduct Interviews: Engaging with auditees to gather information.
• Facilitate Meetings: Leading opening and closing meetings effectively.
• Resolve Conflicts: Addressing and managing disagreements constructively.

b. Analytical Skills #

Lead auditors should be capable of:

• Data Analysis: Interpreting and evaluating information accurately.
• Problem-Solving: Identifying issues and determining root causes.
• Decision-Making: Making informed judgments based on audit evidence.

c. Leadership Skills #

As leaders of audit teams, they must:

• Manage Teams: Coordinating and guiding audit team members.
• Delegate Tasks: Assigning responsibilities effectively.
• Ensure Objectivity: Maintaining impartiality throughout the audit process.

d. Language Skills Appropriate to All Levels Within the Client Organization: #

Ability to communicate effectively with individuals at any organizational level using appropriate terms and expressions.

e. Notetaking and Report-writing Skills: #

Capability to read and write with sufficient speed and accuracy to record notes and effectively communicate audit findings and conclusions.

f. Presentation Skills: #

Ability to present audit findings and conclusions clearly and understandably, including public presentations during meetings.

g. Interviewing Skills: #

Proficiency in obtaining relevant information through open-ended, well-formulated questions and active listening.

h. Audit-management Skills: #

Competence in conducting and managing audits to achieve objectives within agreed timeframes, including facilitating meetings and assigning tasks as necessary.

4. Competence Evaluation and Maintenance #

Organizations should establish processes to evaluate and maintain auditor competence, including:

• Initial Evaluation: Assessing knowledge, skills, and personal attributes before assigning audit responsibilities.
• Ongoing Monitoring: Regularly reviewing auditor performance and providing feedback.
• Continual Professional Development: Encouraging auditors to engage in ongoing learning to keep skills and knowledge up to date.