Using professional judgment during an audit

The audit process consists to assess compliance of the regulatory requirements in comparison with the company’s implementation process, always considering the auditor’s professional judgment.

ISO 19011: 2018 – Guidelines for auditing management systems recommends the following:

“It is appropriate that auditors apply your professional judgment during the audit process and avoid focusing on specific requirements of each Section of the standard in order to achieve the intended result of the management system.”

 “Some Sections of ISO management system standards are not readily suitable for auditing in terms of comparing between set of criteria and the content of a work procedure or instruction.”

 In these two statements, the Standard establishes the need for the auditor to be open-minded for correct diligence and professional judgment, warning that the auditor should not be bound only by the requirements of the standards. ISO 19001 continues and warns of the need for professional judgment in a correct professional judgment process:

 “In these situations, auditors should use their professional judgment to determine whether the Section’s intent has been accomplished or not.”

 Always in all my lectures and training I use the following statement “The standards of management systems establish WHAT MUST be done, HOW to be done depends on organizations”. At some point, some professionals understand from this statement that the HOW can be done in any way, really forgetting the professional judgment process by the auditor in an audit process.

 Professional judgment is of fundamental importance to assess whether how the management system was implemented meets the requirements of the reference standard. Here are some examples:

In a recent audit of ISO 27001 one of our auditors pointed out non-compliance in Annex A.9.1 Access Control, the implemented process did not really keep the processes in compliance. However, the auditee argued that how to implement it depended on the company and not the auditor’s judgment.

 This is a classic case that the organization forgets that professional judgment is the responsibility of the process auditor, obviously covered by all attention to the regulatory requirements and with all openness to the client of an appeal process, if necessary.

Therefore, I reaffirm and add: the management systems rules establish WHAT SHOULD be done, the HOW to be done depends on the organizations, to be evaluated by the auditor’s professional judgment.

QMS Certification

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Join the newsletter!

Subscribe to get latest content by email.

External Audits

Possible Challenges of External Audits (3rd Party Audits)

We are well aware that many of the challenges of external audits (3rd party audits) lead to a certain unease among professionals. This is because the audit is a serious and sensitive moment, aiming to assess process conformity and relating to the company’s certification.

The Importance of Management Systems in Achieving Results

The Importance of Management Systems in Achieving Results

Discover the secrets of business success! Understand the importance of management systems in achieving business results and reach the next level! Management systems (MSs) are, in summary, predefined organizational structures. They help build and manage a company’s processes, activities, and operations in the most effective and efficient

3 Risk Analysis Tools

3 Risk Analysis Tools

The use of risk analysis tools is of utmost importance for companies and organizations in various sectors. These tools, known as risk analysis tools, enable the identification, assessment, and management of risks associated with activities, projects, and processes, ensuring a proactive approach to mitigating potential negative impacts.

Scroll to Top