Understanding Management System Auditing
Article - 3
Six Principles of Auditing
Keshav Ram Singhal
ISO 19011:2002 (the earlier version) mentioned five auditing principles: Ethical, Fair presentation, Due professional care, Independence, and Evidence-based approach. The present version of the standard, ISO 19011:2011, Guidelines for auditing management systems, mentions six principles of auditing. The first four principles discussed below relate to auditors and the other two relate to the audit. These six principles are:
1. Integrity
2. Fair presentation
3. Due professional care
4. Confidentiality
5. Independence
6. Evidence-based approach
All six principles above provide the basis for carrying out an audit properly, so that it can be conducted in an effective and reliable manner. An audit provides information to the organization, giving it an opportunity to improve its performance. Audit conclusions will be relevant and sufficient if the audit principles are followed during the audit process.
Integrity is the first principle that relates to an auditor. The principle of integrity is the foundation of professionalism. Integrity is essential to auditing. An auditor should perform his auditing with integrity. Accordingly, the auditor should perform his work with honesty, diligence and responsibility. He should observe and comply with applicable legal (statutory and regulatory) requirements. He should demonstrate his competence while performing his work. He should perform his work in an impartial manner. He should remain fair and unbiased in all his dealings. He should be sensitive to any influences that may be exerted on his judgement while carrying out an audit.
Fair presentation is the second principle that relates to an auditor. Fair presentation is the obligation on the auditor to report audit findings, audit conclusions and audit reports truthfully and accurately. The auditor is also expected to report: (i) significant obstacles encountered during the audit, and (ii) unresolved diverging opinions between the auditor and the auditee.
Due professional care
Due professional care is the third principle that relates to an auditor. Due professional care requires the application of diligence and judgement in auditing. The application of diligence and judgement in auditing by the auditor reflects due professional care. It is for the auditor to exercise due professional care in accordance with the importance of the task he performs. An auditor should exercise care in performing his task, as the audit client(s) and other interested parties place confidence in him for doing so. The auditor should have the necessary competence to perform the task. The auditor should have the ability to make reasoned judgements (applying a factual approach to decision making) in all audit situations. An auditor should remember that he performs a QMS audit to judge whether the quality management system of the organization conforms to the planned arrangements, to the requirements of the ISO 9001:2008 QMS standard and to the requirements established by the organization. When an auditor is required to ascertain whether the quality management system of the organization is effectively implemented and maintained, the application of diligence and judgement (factual approach to decision making) is required.
Confidentiality is the fourth principle and relates to the security of information acquired during auditing activities. The principle of confidentiality is required to maintain the security of information that is revealed to an auditor during the audit process. ISO 19011:2011 has included this principle as a new auditing principle. An auditor should exercise discretion in the use and protection of information acquired during the audit process. An auditor should not use any information acquired during the audit process for personal gain. Audit information should not be used inappropriately in a manner detrimental to the legitimate interests of the auditee. Proper handling of sensitive or confidential information is required from an auditor to maintain the security of that information.
Independence is the fifth principle and is the basis for the impartiality of an audit and the objectivity of the audit conclusions. An auditor should not audit his own work. Accordingly, (i) an auditor should be independent of the activity being audited; (ii) an auditor should be free from bias and conflict of interest; (iii) an auditor should maintain an objective state of mind throughout the audit process; (iv) an auditor should be free from prejudice or partiality that could affect objectivity; (v) an auditor should ensure that audit findings and audit conclusions are based on audit evidence.
Evidence-based approach is the sixth principle and is the rational method for arriving at reliable and reproducible audit conclusions in a systematic audit process. Evidence-based approach as a principle of auditing is similar to the QMS principle ‘factual approach to decision making’. Audit findings and audit conclusions should be based on audit evidence that is verifiable. An audit is conducted during a finite period of time and with finite resources, so audit evidence should be based on samples of the information available. A QMS audit must be carried out in an objective manner. The auditing exercise mainly concentrates on gathering objective evidence. Sampling should be used appropriately during the auditing process.
If the above six principles are applied while carrying out a QMS audit (including an internal audit), the audit results will be useful to the organization and helpful for continual improvement of the system.