Internal Auditing

Auditing the Auditors

by Don Brecken

What to look for when assessing auditor competence

hat should an auditor expect

to find when auditing an organizations internal quality
audit program? What level of audit
skills should be present? Where
should he or she look to find these
skills? Where should he or she begin?
The most obvious place to start
when auditing an organizations internal quality audit program is with the
quality audit procedure. Requirements
for this procedure are described in
ISO 9001 clause 8.2.2. Though not
required, the organization should reference ISO 19001 for guidance when
developing its quality audit procedure
and program. If an organizations
internal audit program is found to be
subpar, its often a result of its failure
to embrace ISO 19001s guidance
when developing its program.
The ISO 9001 Auditing Practices
Group has published several helpful

Check Points
ISO 19011 is an excellent
source for assessing auditor
qualifications, but compliance to
it isnt required by ISO 9001.
The ISO 9001 Auditing Practices
Group has published several
guidance documents and papers
that describe how to best assess
auditor qualifications and the
efficiency of an organizations
internal quality audit program.
Consider using a matrix or
another type of spreadsheet to
keep track of auditor training
and certifications, and make this
document available to third-party
auditors to demonstrate your
internal auditors qualifications.

sizes the importance of employee

guidance documents on various topcompetence and minimizes the
ics related to the ISO 9000 series of
prescriptive qualification criteria
standards. Making Effective Use of
for auditors that was deISO 19011 is one such
scribed in ISO 10011-2.
guidance document. This
Although ISO
document provides guid9001 references The paper defines competence as demonstrated
ance for first-, second-,
ISO 19011 in
personal attributes and
and third-party auditing
of quality management its clause 8.2.2, demonstrated ability to
apply knowledge and
systems (QMS).
third-party
skills. This guidance
Although ISO 9001
auditors shouldnt
places less importance
references ISO 19011
expect the
on prescribed levels of
in its clause 8.2.2, thirdparty auditors shouldnt
organization to education, workplace,
and auditing experiexpect the organization
comply with
ence, and numbers of
to comply with these
these
guidelines.
completed audits.
guidelines. The standard
Peter G. Northouse,
contains options relating
author of Leadership: Theory and
to auditing methods and auditor comPractice (Sage Publications Inc.,
petence, but these suggestions arent
2009), defines leadership skills as
mandatory. The guidance document
the ability to use ones knowlfurther indicates, It is up to each
edge and competencies to accomthird-party auditing body to use the
plish a set of goals or objectives.
guidelines to the extent appropriate
Can we as third-party auditors
to their needs and relevance to their
expect to find different kinds of
own working practices. Although
skills required at different levels
helpful, this shouldnt include exof an audited organization? Should
pecting an audited organization to
we expect to find the same within
conform to ISO 19011.
an internal quality audit program?
Often forgotten when auditing
According to Northouse, technical
an internal audit program is ISO
skills necessary at different levels
9001s clause 6.2.2, which pertains
of the organization will vary deto employee competence, training,
pending on the level of leadership.
and awareness. Audit team members,
He suggests that technical skill
just like anyone else in an organizais more important for lower- and
tion, need to maintain certain skills
middle-level leaders than it is for
to perform their jobs effectively.
top leaders.
Another ISO 9001 Auditing Prac The Northouse claim may not
tices Group paper, Making Effechold true for an organizations
tive Use of ISO 19011 provides
internal audit program, in which
guidance on the competence and
the audit program leader will
evaluation of auditors. The latest
likely have far more experience
version of this document empha-

Comments? feedback@theauditoronline.com

The Auditor JANUARYFEBRUARY 2011 17

Internal Auditing
Figure 1: Auditor Qualification Matrix
Department manager: Don Brecken (for qualifying employees to perform internal audits and MR duties)

One witnessed audit by lead

auditor

Approved internal auditor

course or equivalant

Aerospacespecific internal
auditor cert

One witnessed audit by lead

auditor

Achieved advanced auditor

certification

x x

7 Andy Gumieny

x x

8 Duane Bruin

x x

9 Ryan Pohl (inactive)

Management representative
ISO 5.5.2

One observed audit with lead

auditor

Business improvement auditor

ISO 19011 guidelines for auditing

x x

In training
(observing process)

Lead auditor

Auditor code of conduct

Can perform with

assistance of mentor

ISO 9001 standard requirements

1 Don Brecken

Can perform without

assistance

Two years relevant work exper

ience

AS9100 standard requirements

Fully qualified
(can mentor others)

Internal auditor

CORE RequirEments Qualified JOBS

Legend

Employee
Kamal Anand

10

and be more highly credentialed

certificates that are maintained and
than those performing the audits.
readily available for access by the
Consider figure 1, which shows how
auditor.
qualifications of auditors
Conclusion
are documented for my
This matrix,
organization. Third-party
What should we
albeit a good
auditors should expect
expect to find when aupractice, is only diting an organizations
to find some type of
evidence about auditor a representation internal quality audit
qualification, such as
program? What level
of auditor
this matrix, which shows
of audit skills should be
credentials. A
how the organization
present? This answer is
third-party
tracks the qualifications
this: We should expect
auditor should compliance with appli(the skills required to
perform the job) of its
cable standards. If we
expect to find
internal auditors.
source documen- expect anything more
This matrix, albeit a
than the skills required to
tation
to
back
up
good practice, is only a
support the organization,
representation of auditor the claims made then we are not being
credentials. A third-party
objective auditors.
in the matrix.
auditor should expect to
About the author
find source documentation
to back up the claims made in the
Don Brecken is the director of
matrix. In the case of this matrix, our
quality for Commercial Tool & Die
third-party auditor will find training
Inc. His background includes quality
attendance records and auditor course
leadership, management consulting,
18 The Auditor JANUARYFEBRuARY 2011

registration and surveillance audits,

and quality system implementation.
Brecken is a fellow of the American Society for Quality (ASQ), a
certified manager of quality and
organizational excellence, an
RABQSA business improvement
auditor, and has served on the board
of examiners for the Malcolm Baldrige National Quality Award. He
is also a deputy regional director
for ASQs region 10.
Brecken earned his MBA in strategic management from Davenport
Universitys Sneden Graduate School.
He also has three undergraduate
degrees in business with a technical
specialty in quality leadership. He
instructs a variety of quality and
management-related courses for
Ferris State University and Davenport Universitys undergraduate
and graduate programs.
A

Comments? feedback@theauditoronline.com