Welcome again to this blog. In this post I continue with the controversial, but important,
topic of the unfortunately common lack
of competence of management systems auditors.
As I wrote in the last entry, it is a fact that most of management systems auditors have been trained in a limited
way and in that limited way they have also been qualified and certified, and that is why an interesting situation has been
generated globally, in which we have thousands
of those auditors who have not
demonstrated, and apparently a large proportion of them do not have, an
adequate level of competence to
perform this important function, in
accordance with the requirements established by the ISO 19011: 2018 standard.
I have not mentioned this for insulting or disqualifying the currently
millions of people who perform this important function, either internally,
or as first party, in organizations that have established or are establishing their management systems; externally, or as second party, in those organizations that are evaluated by their clients,
or externally, but as third party, by certification or accreditation bodies, as well as trainers, consultants or independent auditors who provide this type of support.
I am convinced that the majority of management systems auditors, whether or not they have had an appropriate training and / or certification, carry out their role in a professional
way, and many of them with great passion for their activity, and therefore help
the organizations for which they work, to evaluate whether the management systems they audit are complying with the due requirements and achieving the expected
results. I do not
have any doubt about that. However, an issue that nobody touches is that the training of a management
system auditor
is a process that takes many years, among formal education, technical experience in the
particular discipline of that management system, specific technical
training, both of the
corresponding management system standard, and particularly of auditing techniques, as well as active participation in a large number
of audits, first as an auditor in training, and later as a qualified auditor, as the case may be, as a lead auditor. And from there, the auditor should continue with their training and constant updating. In fact, you are not
a competent
auditor because you have attended to one or several auditor training courses.
My doubts about this situation go more towards what may be the effects
of having thousands of auditors in office who surely do not have the level of competence according to the ISO 19011: 2018 standard itself. What I have observed in my professional
life, in relation to performance of a large number of management
systems auditors, is that there are various limitations, such as
those indicated below:
a) I start by mentioning that most auditors nowadays do not know well, or do not fully
understand, the general elements
that make up what a management system is and what a management system standard is, considering obviously that they are not the same concept. It turns
out that there are a large number of elements
that are part of a management system, in any discipline, that are not identified or established as requirements in the corresponding standard of that management
system. Every management
systems auditor, in any discipline, should know and understand
these differences and perform their role accordingly.
A problem that arises in relation to this limitation is that very few organizations dedicated to the training of professionals in management
systems, which is generally
considered preliminary course for auditors training, include these topics in their training programs, so in most cases, auditors would have to access this knowledge on their own.
It should be clarified that this limitation occurs not only with auditors, but with any professional of management systems.
b) A second limitation that occurs in most auditors that I have met is the lack of knowledge and understanding of requirements of management systems standards. Obviously, I don't mean to say that most auditors are ignorant. What I am referring to is that in
most cases, auditors do not have the complete knowledge, or an adequate
understanding, of the clauses,
sub-clauses and requirements of the support standard of the management system that they are auditing.
Probably the majority of qualified or certified auditors who read this text (hopefully there are many), will think a priori
that I am totally wrong in this asseveration. I know that most of them know the
full text of the clauses
and sub-clauses of the standards of the management systems they audit, and that many of them know very well the text of ISO Annex SL, in which the criteria for identifying and establish the clauses
and sub-clauses of many management
system standards. However, it
is not the same knowing the text of all the clauses and
sub-clauses of a standard, than
understanding them fully, in the same way that a clause or a sub-clause
is not the
same as a requirement of that standard, and it is not always true that every time a “shall” term appears in the text of a sub-clause of any standard we should automatically understand it as a single requirement of the same, and unfortunately that is a very common, and wrong, way in
which auditors identify
and even quantify the elements to be audited in a management system.
In the same way as in the previous point, the problem that arises at a
global level is that the majority of organizations providing training on management systems, in their analysis or interpretation requirements programs of the different management systems standards, which are generally also considered as a prerequisite for auditors training, do not provide adequate support to analyse the
various requirements of the standards, but rather their own requirements analysis schemes,
generally incomplete, but what I consider more serious problem is that they do
not include an analysis methodology
in those programs, so that the professional in training could carry out this analysis and identification of the standard requirements, during their professional activities. For management systems auditors, it would be a very valuable tool to schedule their audits and, where appropriate, to elaborate the questions in their checklists in a clear and understandable way, both for them
and for their auditees.
If the training objective that an auditor knows and understands the requirements of the management system standard in which he/she is specializing is not achieved, there will be launched
into the labour market an unreliable person who will systematically carry out
his/her audits in an inappropriate manner.
It is not difficult to understand that, in a natural way, the auditor will avoid, during the planning or execution of an audit, those elements, or requirements, that he/she does not understand or in which he/she
has doubts. Therefore, for the top management of the organization for which an auditor works, whether for internal or first-party
audits, suppliers
or second-party
audits, or certification or
accreditation evaluations, which are third-party audits, it will be extremely difficult to identify those
possible deficiencies that are not mentioned either in the checklists or in the audit reports.
Otherwise, if he cannot evade it, the non-competent auditor will tend to consider inappropriate evidence as valid to demonstrate compliance with some
requirements, or else to consider as invalid evidence that is
appropriate to demonstrate compliance, which in both cases is negative for the audit process, that although these poor performances can be evidenced,
it is more difficult to detect it when an element that does not comply with the standard requirement is considered valid, since the audited area or organization will generally not file a complaint for it.
c) Another limitation that we find in a common way, is that many auditors of management systems, could not affirm that the majority, but I do believe they are, have not become
aware of the appropriate performance
that an auditor should have, in accordance with the principles that identifies the ISO 19011: 2018 standard, nor in the attributes that this standard indicates.
That is why there are many cases, and I think most of us know several of them,
of auditors who have inappropriate behaviour during the
execution of audits, who are arrogant, haughty, unethical, offensive
and sarcastic with auditees, who generate conflicts within the audited areas or organizations, creating terror in their wake, or others that, by
making them feel that they know everything, provide the auditees with hints or clear recommendations for solutions
to the non-conformities that they detect. In all these cases, the auditor detracts from the audit process.
It is difficult to prevent those responsible for the audited organizations or areas from having anxiety or fear facing an audit process, especially if from the obtained result depends on
something additional to the management system itself, such as whether the organization is accepted by an important client, or obtaining a certificate. But, if the main cause of that fear is a specific
auditor, we may automatically assure that that auditor is incompetent, since that fear that it generates
limits the ability of the auditee to provide the correct information. And I have met
many auditors who are proud that people fear them.
It is important for us to remember what has been identified in ISO 19011:2018 as the principles of auditing, and that the application of several of them is
more dependent on the auditor´s behaviour. In order to remember those principles, I present them to you.
d) An additional limitation, relatively common, is that which refers to poorly trained auditors, that is, those who do not have the necessary competence to carry out an
appropriate management of an audit programme, the planning or scheduling
of an audit, executing
an audit, or reporting properly, truthfully and accurately an audit. If the auditor, either leader or responsible for these activities, does not have that
appropriate level of competence,
there will be very little value that can be generated with its execution, and
that is the reason why thousands of audits of management systems are carried out, in which it may be possible to detect and document some
non-conformities, but risk
situations that the organization faces are not identified, in terms of the
suitability of that management system, much less to identify the level of efficiency of the system or to generate
observations that help to strengthen
it. This is what prevents the creation of value by the audit process itself.
As we can see, the performance
of management systems auditors should be of great concern to many people, in
addition to the auditors
themselves.
If you are a qualified
auditor and are looking for a different and better training program, for increasing you level of competence,
I invite you check out the GESTEC´s Master Auditor
Program, clicking here. I hope it fulfil your needs and expectations for maintaining your auditor´s qualification.
Based on these limitations that I have mentioned, we could identify the most relevant criteria that should be
taken into account by those who evaluate and qualify management systems auditors, and above all, by those responsible for the audit areas for management systems and the auditors themselves, in relation to their ongoing training and maintenance of their qualification.
Author:
Ernesto Palomares Hilton
Comments
Post a Comment
Nombre:
País:
Comentarios: