Discussion in 'ISO 19011 - Auditing Management Systems Guidelines' started by Andy Nichols, Nov 19, 2020.
How competent in the ISO requirements does an internal auditor have to be?
Good prompt @Andy Nichols .
ISO 9001 (for example) indicates "the organization shall determine... necessary competence.." (7.2)
This obviously is somewhat gray and leave it up to, as it states, the organization.
ISO 19011, as defined within same,..."...does not state requirements, but provides guidance..."
Although ISO 19011 uses the word "competence" 54 times, it is a useful guide, but ONLY a guide.
Competence within ISO 9000:2015 (3.10.4) is defined as "the ability to apply knowledge to achieve intended results"
What are the intended results? Per ISO 9001:2015 (9.2.1) "...provide information on whether the quality management system...
a) conforms to 1) the organization's own requirements, 2) the requirements of the international standard,
b) is effectively implemented and maintained
Evidence of competence, therefore, is being able to show that the internal audit process is providing those intended results.
Based on all of this, the short answer is , there is NO requirement specific to the "...necessary competence..." of an internal auditor.
We can infer, however, that in context, the requirement in ISO 9001 (7.2) is that internal auditors need indeed be competent, just not to a specific level of competence as, again, the "...necessary....(amount) competence...." is left to the organization to determine.
Based on my professional experiences, I do indeed advocate for internal auditors receiving proper training and mentorship. Indeed, I advocate for internal auditors to be highly competent. However, in terms of what is REQUIRED,....very little specifics are stated beyond the need for the organization to determine what is necessary. My vote, based on the available answers and facts stated in the applicable guides and governing standards, is...
"c"- Competent but not an ISO requirement" (maybe a better answer option would be "d"- competent at a level determined by the organization)
I suppose it depends on what is expected of them and by whom. I audited to 9001, 14001 and 18001 while in the semiconductor industry. A good understanding of the standard helped me to help my employer maintain preparedness for our CB audits, but the site's Quality Manager wished I instead delved deeply into process failure modes. So, it comes down to the definition of success for that process.
...Just my 2 cents...
What a loaded question!
While @John C. Abnet correctly points out there is no specific requirement, competency really runs the gamut here. There's competency with the standard (and applying the concepts, not just verbatim regurgitation), competency in understanding the company's QMS and processes, competency in organizing audits, competency in interviewing and dealing with people, competency in identifying issues and potential issues, competency in writing correct findings, etc.
A 'somewhat competent' auditor may tick the box but not help the company.
I like this! I am running the same poll at Linkedin, too. There's been a good response there (it's in an auditor forum) and a number of "somewhat competent" voters. I like this response because it deals with many competencies which are frequently overlooked, in my experience.
Separate names with a comma.