7 Competence and evaluation of auditors
7.1 General
Confidence in the audit process and the ability to achieve its objectives depends on the competence of
those individuals who are involved in performing audits, including auditors and audit team leaders.
Competence should be evaluated regularly through a process that considers personal behaviour and the
ability to apply the knowledge and skills gained through education, work experience, auditor training
and audit experience. This process should take into consideration the needs of the audit programme
and its objectives. Some of the knowledge and skills described in 7.2.3 are common to auditors of any
management system discipline; others arc specific to individual management system disciplines. It is
not necessary for each auditor in the audit team to have the same competence. However, the overall
competence of the audit team needs to be sufficient to achieve the audit objectives.
The evaluation of auditor competence should be planned, implemented and documented to provide an
outcome that is objective, consistent, fair and reliable. The evaluation process should include four main
steps, as follows:
- determine the required competence to fulfil the needs of the audit programme;
- establish the evaluation criteria;
d) conduct the evaluation.
The outcome of the evaluation process should provide a basis for the following:
--selection of audit team members (as described in 5.5.4);
--determining the need for improved competence (e.g, additional training);
--ongoing performance evaluation of auditors.
Auditors should develop, maintain and improve their competence through continual professional development and regular participation in audits (see 7.6).
A process for evaluating auditors and audit team leaders is described in 7.3, 7.4 and 7.5.
Auditors and audit team leaders should be evaluated against the criteria set out in 7.2.2 and 2.2.3 as well as the criteria established in 7.1
The competence required of the individual(s) managing the audit programme is described in 5.4.2.
7.2 Determining auditor competence
7.2.1 General
In deciding the necessary competence for an audit, an auditor's knowledge and skills related to the following should be considered:
a) the size, nature, complexity, products, services and processes of auditees;
b) the methods for auditing:
c) the management system disciplines to be audited;
d) the complexity and processes of the management system to be audited;
e) the types and levels of risks and opportunities addressed by the management system;
f) the objectives and extent of the audit programme;
g) the uncertainty in achieving audit objectives;
h) other requirements, such as those imposed by the audit client or other relevant interested parties. where appropriate.
This information should be matched against that listed in 7.2.3.
7.2.2 Personal behaviour
Auditors should possess the necessary attributes to enable them to act in accordance with the principles of auditing as described in Clause 4. Auditors should exhibit professional behaviour during the performance of audit activities. Desired professional behaviours include being
a) ethical, Le. fair, truthful, sincere, honest and discreet;
b) open-minded, i.e. willing to consider alternative ideas or points of view;
c) diplomatic, ie, tactful in dealing with individuals;
d) observant, ie. actively observing physical surroundings and activities
e) perceptive, ie. aware of and able to understand situations;
f)
- tenacious, i.e. persistent and focused on achieving objectives;
- decisive, i.e. able to reach timely conclusions based on logical reasoning and analysis;
- self-reliant, i.e. able to act and function independently while interacting effectively with others;
- able to act with fortitude, i.e. able to act responsibly and ethically, even though these actions may
not always be popular and may sometimes result in disagreement or confrontation;
- open to improvement, i.e. willing to learn from situations;
- culturally sensitive, i.e. observant and respectful to the culture of the auditee;
- collaborative, i.e. effectively interacting with others, including audit team members and the
auditee’s personnel.
7.2.3 Knowledge and skills
- General
Auditors should possess:
- the knowledge and skills necessary to achieve the intended results of the audits they are expected
to perform;
- generic competence and a level of discipline and sector-specific knowledge and skills.
Audit team leaders should have the additional knowledge and skills necessary to provide leadership to
the audit team.
- Generic knowledge and skills of management system auditors
Auditors should have knowledge and skills in the areas outlined below.
a) Audit principles, processes and methods: knowledge and skills in this area enable the auditor to
ensure audits are performed in a consistent and systematic manner.
An auditor should be able to:
- understand the types of risks and opportunities associated with auditing and the principles of
the risk-based approach to auditing;
- plan and organize the work effectively;
- perform the audit within the agreed time schedule;
- prioritize and focus on matters of significance;
- communicate effectively, orally and in writing (either personally, or through the use of
interpreters);
- collect information through effective interviewing, listening, observing and reviewing
documented information, including records and data;
- understand the appropriateness and consequences of using sampling techniques for auditing;
- understand and consider technical experts' opinions;
- audit a process from start to finish, including the interrelations with other processes and
different functions, where appropriate;
— verify the relevance and accuracy of collected information;
- confirm the sufficiency and appropriateness of audit evidence to support audit findings and
conclusions;
- assess those factors that may affect the reliability of the audit findings and conclusions;
- document audit activities and audit findings, and prepare reports;
- maintain the confidentiality and security of information.
- Management system standards and other references: knowledge and skills in this area enable the
auditor to understand the audit scope and apply audit criteria, and should cover the following:
- management system standards or other normative or guidance/supporting documents used to
establish audit criteria or methods;
- the application of management system standards by the auditee and other organizations;
- relationships and interactions between the management system(s) processes;
- understanding the importance and priority of multiple standards or references;
- application of standards or references to different audit situations.
- The organization and its context: knowledge and skills in this area enable the auditor to understand
the auditee’s structure, purpose and management practices and should cover the following:
- needs and expectations of relevant interested parties that impact the management system;
- type of organization, governance, size, structure, functions and relationships;
- general business and management concepts, processes and related terminology, including
planning, budgeting and management of individuals;
- cultural and social aspects of the auditee.
- Applicable statutory and regulatory requirements and other requirements: knowledge and skills
in this area enable the auditor to be aware of, and work within, the organization’s requirements.
Knowledge and skills specific to the jurisdiction or to the auditee’s activities, processes, products
and services should cover the following:
- statutory and regulatory requirements and their governing agencies;
- basic legal terminology;
- contracting and liability.
NOTE Awareness of statutory and regulatory requirements does not imply legal expertise and a
management system audit should not be treated as a legal compliance audit.
7.2.3.3 Discipline and sector-specific competence of auditors
Audit teams should have the collective discipline and sector-specific competence appropriate for
auditing the particular types of management systems and sectors.
The discipline and sector-specific competence of auditors include the following:
- management system requirements and principles, and their application;
- fundamentals of the discipline(s) and sector(s) related to the management systems standards as
applied by the auditee;
- application of discipline and sector-specific methods, techniques, processes and practices to enable
the audit team to assess conformity within the defined audit scope and generate appropriate audit
findings and conclusions;
- principles, methods and techniques relevant to the discipline and sector, such that the auditor can
determine and evaluate the risks and opportunities associated with the audit objectives.
- Generic competence of audit team leader
In order to facilitate the efficient and effective conduct of the audit an audit team leader should have the
competence to:
- plan the audit and assign audit tasks according to the specific competence of individual audit team
members;
- discuss strategic issues with top management of the auditee to determine whether they have
considered these issues when evaluating their risks and opportunities;
- develop and maintain a collaborative working relationship among the audit team members;
- manage the audit process, including:
- making effective use of resources during the audit;
- managing the uncertainty of achieving audit objectives;
- protecting the health and safety of the audit team members during the audit, including ensuring
compliance of the auditors with the relevant health and safety, and security arrangements;
- directing the audit team members;
- providing direction and guidance to auditors-in-training;
- preventing and resolving conflicts and problems that can occur during the audit, including
those within the audit team, as necessary.
- represent the audit team in communications with the individual(s) managing the audit programme,
the audit client and the auditee;
- lead the audit team to reach the audit conclusions;
- prepare and complete the audit report.
- Knowledge and skills for auditing multiple disciplines
When auditing multiple discipline management systems, the audit team member should have an
understanding of the interactions and synergy between the different management systems.
Audit team leaders should understand the requirements of each of the management system standards
being audited and recognize the limits of their competence in each of the disciplines.
NOTE Audits of multiple disciplines done simultaneously can be done as a combined audit or as an audit of
an integrated management system that covers multiple disciplines.
7.2.4 Achieving auditor competence
Auditor competence can be acquired using a combination of the following:
- successfully completing training programmes that cover generic auditor knowledge and skills;
- experience in a relevant technical, managerial or professional position involving the exercise of
judgement, decision making, problem solving and communication with managers, professionals,
peers, customers and other relevant interested parties;
- education/training and experience in a specific management system discipline and sector that
contribute to the development of overall competence;
d) nrincinles. methods and technimies relevant to the discinline and sector, such that the auditor ran
d) audit experience acquired under the supervision of an auditor competent in the same discipline.
NOTE Successful completion of a training course will depend on the type of course. For courses with an
examination component it can mean successfully passing the examination. For other courses, it can mean
participating in and completing the course.
7.2.5 Achieving audit team leader competence
An audit team leader should have acquired additional audit experience to develop the competence
described in 7.2.3.4. This additional experience should have been gained by working under the direction
and guidance of a different audit team leader.
- Establishing auditor evaluation criteria
The criteria should be qualitative (such as having demonstrated desired behaviour, knowledge or the
performance of the skills, in training or in the workplace) and quantitative (such as the years of work
experience and education, number of audits conducted, hours of audit training).
- Selecting appropriate auditor evaluation method
The evaluation should be conducted using two or more of the methods given in Table 2. In using Table 2,
the following should be noted:
- the methods outlined represent a range of options and may not apply in all situations;
- the various methods outlined may differ in their reliability;
- a combination of methods should be used to ensure an outcome that is objective, consistent, fair
and reliable.
.5 Conducting auditor evaluation
The information collected about the auditor under evaluation should be compared against the criteria
set in 7.2.3. When an auditor under evaluation who is expected to participate in the audit programme
does not fulfil the criteria, then additional training, work or audit experience should be undertaken and
a subsequent re-evaluation should be performed.
7.6 Maintaining and improving auditor competence
i Auditors and audit team leaders should continually improve their competence. Auditors should maintain
their auditing competence through regular participation in management system audits and continual
professional development. This may be achieved through means such as additional work experience,
training, private study, coaching, attendance at meetings, seminars and conferences or other relevant
activities.
The individuals) managing the audit programme should establish suitable mechanisms for the
continual evaluation of the performance of the auditors and audit team leaders.
The continual professional development activities should take into account the following:
- changes in the needs of the individual and the organization responsible for the conduct of the audit;
- developments in the practice of auditing including the use of technology;
- relevant standards including guidance/supporting documents and other requirements;
- changes in sector or disciplines.
7.2.2稽核員應具備必要的個性,使他們能夠按照稽核員的要求行事 第 4 條中所述的稽核原則。稽核員在審核過程中應表現出專業行為稽核活動的績效。 期望的職業行為包括: |