
There are now six principles of auditing
Julian Ringer reports on the second edition of ISO 19011: the standard for auditors
The scope of ISO 19011:2011, Guidelines for auditing management systems, has been expanded to reflect current thinking and the complexities of auditing multiple management system standards (MSS). This compares with the first edition of the standard, published in 2002, which applied only to ISO 9001 (quality) and ISO 14001 (environment).
The revised standard is largely unchanged; however, it amplifies the concept of risk and recognises more explicitly the competence of the audit team and individual auditors. In addition, the use of technology in remote auditing is acknowledged.
The Principles of auditing on which the guidance is based have been revised and expanded to include a new principle of ‘Confidentiality – security of information’. There are now six principles. How do you, as an auditor, measure up?
Principle 1: Integrity
One of the qualities of an auditor is being ethical. If you attend an SEQM auditor course, you will be asked to indicate which auditor quality best suits you, and being ethical is the quality ticked most frequently. Integrity incorporates honesty, diligence and responsibility. An auditor must demonstrate competence and yet be sensitive to influences. Remaining impartial in all situations can be challenging.
Principle 2: Fair presentation
One difficulty faced by all auditors is a requirement to reflect audit activities truthfully and accurately. Audit reporting continues to be inconsistent. Persistent failures to accurately describe the issue or to explain why a non-conformance is justified against specified criteria continue to frustrate clients and to reduce audit credibility.
Fair presentation requires the auditor to communicate truthfully and to report divergent opinions. The line between opinions and the truth can often become blurred, and too many audit reports still rely too heavily on testimonial evidence. ‘In God we Trust – everybody else must produce the required evidence.’
Principle 3: Due professional care
As in all professions, auditing carries a continuing requirement to exercise due care and, in particular, to make reasoned judgements. The evaluation or verification of audit evidence is critical to this process.
Principle 4: Confidentiality
This principle requires auditors to be prudent in the use and protection of information acquired in the course of their duties. It is a recently specified principle and is new to the standard. It requires discretion in the use and protection of information. Data and information must not be used for personal gain, nor must they be used inappropriately.
Ensuring that information gained or learned is secure, and remains secure, is the key to maintaining confidentiality and to securing trust.
Principle 5: Independence
Auditors are to be independent wherever practical. This has significant implications for internal auditors, who must be independent of line managers. Independence is essential to avoid conflicts of interest and to maintain objectivity.
Principle 6: Evidence-based approach
The term verification is too little used in auditing; all audit evidence must be verifiable.
Audit conclusions must be reliable and reproducible, and sampling, as appropriate, may be necessary.