June 30, 2020

Using professional judgment during an audit

The audit process consists to assess compliance of the regulatory requirements in comparison with the company’s implementation process, always considering the auditor’s professional judgment.

ISO 19011: 2018 – Guidelines for auditing management systems recommends the following:

“It is appropriate that auditors apply your professional judgment during the audit process and avoid focusing on specific requirements of each Section of the standard in order to achieve the intended result of the management system.”

“Some Sections of ISO management system standards are not readily suitable for auditing in terms of comparing between set of criteria and the content of a work procedure or instruction.”

In these two statements, the Standard establishes the need for the auditor to be open-minded for correct diligence and professional judgment, warning that the auditor should not be bound only by the requirements of the standards. ISO 19001 continues and warns of the need for professional judgment in a correct professional judgment process:

“In these situations, auditors should use their professional judgment to determine whether the Section’s intent has been accomplished or not.”

Always in all my lectures and training I use the following statement “The standards of management systems establish WHAT MUST be done, HOW to be done depends on organizations”. At some point, some professionals understand from this statement that the HOW can be done in any way, really forgetting the professional judgment process by the auditor in an audit process.

Professional judgment is of fundamental importance to assess whether how the management system was implemented meets the requirements of the reference standard. Here are some examples:

In a recent audit of ISO 27001 one of our auditors pointed out non-compliance in Annex A.9.1 Access Control, the implemented process did not really keep the processes in compliance. However, the auditee argued that how to implement it depended on the company and not the auditor’s judgment.

This is a classic case that the organization forgets that professional judgment is the responsibility of the process auditor, obviously covered by all attention to the regulatory requirements and with all openness to the client of an appeal process, if necessary.

Therefore, I reaffirm and add: the management systems rules establish WHAT SHOULD be done, the HOW to be done depends on the organizations, to be evaluated by the auditor’s professional judgment.

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

How to Engage Employees in ISO Implementation

Learn how to engage employees in ISO implementation in 4 fundamental steps and achieve superior results.

Understand the Importance of Process Mapping

Understand why Process Mapping is crucial for your company’s performance and for the continuous improvement of your QMS. Read now!

3 Essential Indicators for an Effective Quality Management System

3 Essential Indicators for a Quality Management System

There are 3 indicators for a Quality Management System that are essential for any organization, regardless of the field of activity, check which ones they are and if they match what your company has today.

What are the changed requirements in ISO 27001:2022?

Discover the changed requirements in ISO 27001:2022 and make the transition to the standard in a much simpler and result-focused way!

Non-Conformity Management: Root Cause Analysis

In the world of quality management, one of the most crucial aspects is the effective management of non-conformities. Root cause analysis is an indispensable procedure in this context, providing a path to prevent their recurrence. Learn more!

Greenwashing and Social Washing

The terms “Greenwashing” and “Social Washing” are interconnected, as both involve deceptive practices adopted by companies aiming to give the impression that they are committed to environmental and social sustainability when, in reality, their actions are not as beneficial as they appear.

ISO and Climate Change: How Standards Can Save Our Planet

Every day, the evidence of climate change in the world becomes more apparent, a clear result of environmental challenges, and with that, the search for sustainable solutions has become essential. This is how ISO and Climate Change are related, understand.

Transition to ISO 27001:2022 – Information

Understand the main factors that led to the transition of ISO 27001:2022 and how to carry out the transition!

Whistleblowing in Compliance Programs

The so-called “Whistleblowers” are aimed at promoting transparency, and their disclosures often have significant implications for the organization, helping to expose unethical, illegal, or harmful practices.