June 30, 2020

Using professional judgment during an audit

The audit process consists to assess compliance of the regulatory requirements in comparison with the company’s implementation process, always considering the auditor’s professional judgment.

ISO 19011: 2018 – Guidelines for auditing management systems recommends the following:

“It is appropriate that auditors apply your professional judgment during the audit process and avoid focusing on specific requirements of each Section of the standard in order to achieve the intended result of the management system.”

“Some Sections of ISO management system standards are not readily suitable for auditing in terms of comparing between set of criteria and the content of a work procedure or instruction.”

In these two statements, the Standard establishes the need for the auditor to be open-minded for correct diligence and professional judgment, warning that the auditor should not be bound only by the requirements of the standards. ISO 19001 continues and warns of the need for professional judgment in a correct professional judgment process:

“In these situations, auditors should use their professional judgment to determine whether the Section’s intent has been accomplished or not.”

Always in all my lectures and training I use the following statement “The standards of management systems establish WHAT MUST be done, HOW to be done depends on organizations”. At some point, some professionals understand from this statement that the HOW can be done in any way, really forgetting the professional judgment process by the auditor in an audit process.

Professional judgment is of fundamental importance to assess whether how the management system was implemented meets the requirements of the reference standard. Here are some examples:

In a recent audit of ISO 27001 one of our auditors pointed out non-compliance in Annex A.9.1 Access Control, the implemented process did not really keep the processes in compliance. However, the auditee argued that how to implement it depended on the company and not the auditor’s judgment.

This is a classic case that the organization forgets that professional judgment is the responsibility of the process auditor, obviously covered by all attention to the regulatory requirements and with all openness to the client of an appeal process, if necessary.

Therefore, I reaffirm and add: the management systems rules establish WHAT SHOULD be done, the HOW to be done depends on the organizations, to be evaluated by the auditor’s professional judgment.

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Possible Challenges of External Audits (3rd Party Audits)

We are well aware that many of the challenges of external audits (3rd party audits) lead to a certain unease among professionals. This is because the audit is a serious and sensitive moment, aiming to assess process conformity and relating to the company’s certification.

Interpreting requirement 7.5 Documented Information in ISO 14001:2015

Discover the importance of documented information in ISO 14001:2018 and how it can boost your company’s environmental management. Read now!

ISO 31000 and COSO – Risk Management: Understanding the References

Risk management is an essential practice for companies of all sizes and sectors, and there are several important references that can guide its implementation. Two widely recognized references are ISO 31000 and COSO.

What is the relationship between ESG and ISO standards?

Discover the important relationship between ESG and ISO standards and drive your organization’s results towards success!

The Importance of Management Systems in Achieving Results

Discover the secrets of business success! Understand the importance of management systems in achieving business results and reach the next level! Management systems (MSs) are, in summary, predefined organizational structures. They help build and manage a company’s processes, activities, and operations in the most effective and efficient

The Importance of Feedback in Management

The importance of feedback in management is substantial; however, surprisingly, many companies still do not use it properly within their teams.

What is the OKR methodology for tracking indicators?

Use the OKR methodology to monitor performance and maximize your company’s results in an agile and outcome-focused manner!

3 Risk Analysis Tools

The use of risk analysis tools is of utmost importance for companies and organizations in various sectors. These tools, known as risk analysis tools, enable the identification, assessment, and management of risks associated with activities, projects, and processes, ensuring a proactive approach to mitigating potential negative impacts.

Item “7.1.6 Organizational Knowledge” of ISO 9001:2015

See the interpretation of item “7.1.6 Organizational Knowledge” of ISO 9001:2015 and understand its importance for companies.