Qualityworld

• Knowledge portal
• FAQs
• Information
• Qualityworld
  • Current issue
  • Editorial comment
  • Free Qualityworld
  • Past articles
  • Advertisers
  • Subscribe to Qualityworld
  • Advertise in Qualityworld
• Journal of Quality
• Jobs
• Press
• Links

Helpdesk

The problem

There are a lot of question marks surrounding the competence of certification body auditors at the moment. What is the best way of ensuring I get the best possible audit?

Over to the expert

Working with a certification body is like working with any supplier: you need to make it clear what you want. One thing to consider is that the competence of the auditor is only one part of getting a competent audit.

In 2006 IRCA did some work with users of third-party audits which generated some interesting results. Users recognised the link between price and value and that a better audit costs more. An effective audit requires appropriate resources, including adequate time to prepare and follow up the audit as well as sufficient time on-site. Of course, the audit team also requires the right mix of competences and one of the fundamentals is the auditors' understanding the client's business, its strategy, plans and stakeholder requirements, so that they can focus audit outcomes in relation to business objectives and encourage improvement.

Users increasingly want auditors to consider the value they give to their customers and they articulated an auditor 'wish list'. This includes an auditor who:

• understands business issues
• commands respect
• has maturity and credibility
• has industry knowledge
• can actively listen
• can leave the standard behind when required
• can analyse and make clear conclusions
• is an experienced
• is prepared to challenge and not be intimidated by senior managers
• can rank findings in terms of business benefits/risk reduction
• is sensitive to the organisation's 'vibe'

Users also indicated that they want auditors to be able to discuss these business issues with top management as a 'partner'. One question when selecting a lead auditor could be: 'Would you employ this auditor as a senior manager?'

Interestingly, the need to avoid consultancy in terms of telling clients what to do was well recognised. However, users do want more value by auditors being capable of linking business objectives and the audit finding, as well as uncovering the connection between risk (regulatory, market and technological) and the audit finding.

They also wanted auditors capable of focusing on meaningful continuous improvement, including following up on previous nonconformities in terms of root cause analysis and using previous audit findings to make findings more relevant.

Making your audit requirements clear to your certification body will generate a very positive response as long as you realise that the extra value may mean extra cost. Indeed, the certification bodies that we approached independently of the user group were fully aware of the need for the kind of audit competences listed above.

As a result of this user and certification body research, IRCA recently launched a new high-level corporate auditor certification programme, which certifies auditors with many of the competences listed above. Asking for your certification body to supply an auditor who meets these requirements is one way to ensure that you get this level of competence.

You will also find over 150 guidance documents and case studies for systems auditors in IRCA's Knowledge Bank. These expand on many of the issues listed above and are a useful resource for everyone involved in systems audit

Vince Desmond is executive director business development, combining the CQI and IRCA marketing and communications functions. For more information about the new IRCA corporate auditor programme, visit www.irca.org