1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Internal Auditor Competency

Discussion in 'ISO 19011 - Auditing Management Systems Guidelines' started by Andy Nichols, Nov 19, 2020.

?

How competent in the ISO standard (9001, 14001 etc) does an internal auditor need to be?

Poll closed Dec 19, 2020.

  1. Highly Competent

    0 vote(s)
    0.0%

  2. Somewhat Competent

    0 vote(s)
    0.0%

  3. Competent, but not on ISO requirements

    1 vote(s)
    100.0%
  1. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,107
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    How competent in the ISO requirements does an internal auditor have to be?
     
    Andy Nichols, Nov 19, 2020
    #1
  2. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good prompt @Andy Nichols .

    So...
    ISO 9001 (for example) indicates "the organization shall determine... necessary competence.." (7.2)

    This obviously is somewhat gray and leave it up to, as it states, the organization.

    ISO 19011, as defined within same,..."...does not state requirements, but provides guidance..."
    Although ISO 19011 uses the word "competence" 54 times, it is a useful guide, but ONLY a guide.

    Competence within ISO 9000:2015 (3.10.4) is defined as "the ability to apply knowledge to achieve intended results"

    What are the intended results? Per ISO 9001:2015 (9.2.1) "...provide information on whether the quality management system...
    a) conforms to 1) the organization's own requirements, 2) the requirements of the international standard,
    b) is effectively implemented and maintained

    Evidence of competence, therefore, is being able to show that the internal audit process is providing those intended results.


    Based on all of this, the short answer is , there is NO requirement specific to the "...necessary competence..." of an internal auditor.

    We can infer, however, that in context, the requirement in ISO 9001 (7.2) is that internal auditors need indeed be competent, just not to a specific level of competence as, again, the "...necessary....(amount) competence...." is left to the organization to determine.



    Summary:
    Based on my professional experiences, I do indeed advocate for internal auditors receiving proper training and mentorship. Indeed, I advocate for internal auditors to be highly competent. However, in terms of what is REQUIRED,....very little specifics are stated beyond the need for the organization to determine what is necessary. My vote, based on the available answers and facts stated in the applicable guides and governing standards, is...
    "c"- Competent but not an ISO requirement" (maybe a better answer option would be "d"- competent at a level determined by the organization)

    Be well.
     
    John C. Abnet, Nov 19, 2020
    #2
  3. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    I suppose it depends on what is expected of them and by whom. I audited to 9001, 14001 and 18001 while in the semiconductor industry. A good understanding of the standard helped me to help my employer maintain preparedness for our CB audits, but the site's Quality Manager wished I instead delved deeply into process failure modes. So, it comes down to the definition of success for that process.
    ...Just my 2 cents...
     
    Jennifer Kirley, Nov 20, 2020
    #3
  4. yodon

    yodon Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    198
    Likes Received:
    115
    Trophy Points:
    42
    What a loaded question! :)

    While @John C. Abnet correctly points out there is no specific requirement, competency really runs the gamut here. There's competency with the standard (and applying the concepts, not just verbatim regurgitation), competency in understanding the company's QMS and processes, competency in organizing audits, competency in interviewing and dealing with people, competency in identifying issues and potential issues, competency in writing correct findings, etc.

    A 'somewhat competent' auditor may tick the box but not help the company.
     
    yodon, Nov 20, 2020
    #4
    Andy Nichols likes this.
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,107
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I like this! I am running the same poll at Linkedin, too. There's been a good response there (it's in an auditor forum) and a number of "somewhat competent" voters. I like this response because it deals with many competencies which are frequently overlooked, in my experience.
     
    Andy Nichols, Nov 20, 2020
    #5