QMS Certification Blog

Using professional judgment during an audit

The audit process consists of assessing the company’s implementation process for compliance with the regulatory requirements, always considering the auditor’s professional judgment.

ISO 19011:2018 – Guidelines for auditing management systems recommends the following:

“It is appropriate that auditors apply your professional judgment during the audit process and avoid focusing on specific requirements of each Section of the standard in order to achieve the intended result of the management system.”

“Some Sections of ISO management system standards are not readily suitable for auditing in terms of comparing between set of criteria and the content of a work procedure or instruction.”

In these two statements, the Standard establishes the need for the auditor to be open-minded in order to exercise proper diligence and professional judgment, warning that the auditor should not be bound only by the requirements of the standards. ISO 19011 continues, stressing the need for professional judgment in such cases:

“In these situations, auditors should use their professional judgment to determine whether the Section’s intent has been accomplished or not.”

In all my lectures and training I always use the following statement: “The standards of management systems establish WHAT MUST be done; HOW it is done depends on the organizations.” At some point, some professionals understand from this statement that the HOW can be done in any way, forgetting the auditor’s professional judgment in an audit process.

Professional judgment is of fundamental importance in assessing whether the way the management system was implemented meets the requirements of the reference standard. Here are some examples:

In a recent ISO 27001 audit, one of our auditors pointed out a non-compliance in Annex A.9.1 Access Control: the implemented process did not really keep the processes in compliance. However, the auditee argued that how to implement it depended on the company and not on the auditor’s judgment.

This is a classic case in which the organization forgets that professional judgment is the responsibility of the auditor of the process, exercised, of course, with full attention to the regulatory requirements and with an appeal process open to the client, if necessary.

Therefore, I reaffirm and add: the management system rules establish WHAT SHOULD be done; HOW it is done depends on the organizations, and is to be evaluated by the auditor’s professional judgment.

QMS Certification


QMS is an accredited third-party certification body. It is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition for its technical level, customer satisfaction and competitive pricing.
