Welcome back to the blog series on ‘What Makes an Audit Ineffective?’ In case you missed it, be sure to check out the previous posts where we discussed Required Documents and Records and Objective Evidence.

Auditing Basics: Auditor Competence
Let’s dive into the eight competencies QSI considers critical in an effective auditor:

  1. Communication Skills
    No surprise that like most situations, communication is a must.  An auditor needs to convey their thoughts clearly to the auditee.  When findings occur, the auditor must be able to present them in a manner that’s easy to understand, and based on fact or the applicable standard at hand.
  2. Critical Thinking
    Critical thinking is how we find and use evidence, observe situations, analyze data, draw conclusions and solve problems.  It’s the ability to think in a clear manner and use reasoning to determine the importance and relevance of ideas and opposing views.  Auditors with the ability to think critically can identify and solve problems in a systematic fashion, rather than relying on instinct.  When reviewing company records, an auditor must be able to understand the full picture, and that requires critical thinking.
  3. Analytical Skills
    There are a number of different technologies and software available to assist in performing all types of analysis, however, auditors need to have the ability to analyze data as well.  Auditors need to be able to review reports, whether created manually or by technology, and be able to draw conclusions from those reports.  Those conclusions help an auditor bring risks to light sooner for the auditee and  ensure mitigation techniques to resolve those risks.
  4. Integrity
    Integrity is the foundation of the code of ethics for any certified auditor.  Integrity establishes trust and provides the basis for reliance on the auditor’s judgement.  An auditor must be honest and truthful in regard to the audit and maintain objectivity in their work.  Without integrity, an auditor’s work becomes questionable.
  5. Confidentiality
    An auditor must maintain and respect the confidentiality of information obtained during the auditing process.  Confidential information means any information that the auditor receives in the course of conducting the audit pertaining to the audit organization, as well as any other information that could be deemed as confidential from the customer’s perspective.  Confidential information must not be disclosed to anyone outside of the audited organization.
  6. Organization
    With so many details during the course of an audit, information must be kept in order and easy to find.  Multiple files and large amounts of data or documents in a short period of time can pile up.  Organizational skills help the auditor stay on top of their work to ensure details aren’t missed.  Whether technology or handwritten journals are used to keep track of data, the auditor needs to ensure those resources are used and readily available.
  7. Curiosity
    Did curiosity kill the cat?  Curious people can make great auditors.  Asking questions is a critical part of the audit process.  Questions must be directed to the appropriate person at the appropriate time in order to obtain the desired result.  Asking questions helps the auditor evaluate operations, data, documents and processes to ensure the environment is operating as it should.
  8. Initiative
    Auditors should always be looking for ways to improve their career by continuing to learn.  Training courses, trade publications and earning additional certifications are all ways an auditor can show initiative.  Expanding knowledge translates into improved operations and processes for the audited organization.

In addition to these key competencies where your auditor may or may not excel, there are several auditor-centric factors that can contribute to the quality of your audit:

Auditor Burnout
Auditor burnout is a state of physical, emotional and mental exhaustion caused by excessive and prolonged stress. It can occur when an auditor is subjected to high levels of work-related stress, such as long hours, tight deadlines and demanding workloads, over an extended period of time.  It can lead to a range of negative consequences, including a decrease in productivity and an increase in errors. Symptoms of auditor burnout may include fatigue, irritability, difficulty concentrating and a sense of detachment from work.  In the case of auditors, burnout can be particularly problematic because the nature of the work requires a high level of attention to detail and a strong ability to focus. If an auditor is experiencing burnout, they may struggle to perform their duties to the best of their ability, which can have serious consequences for the organizations they’re auditing.

Auditors Providing Answers Not Based on Audit Evidence
Providing answers without being based on audit evidence can be risky for several reasons.  First and foremost, it can result in incorrect or misleading information.  This can have serious consequences, such as damaging an auditee’s reputation or leading to a loss of certification or registration.  Additionally, relying on unverified information can call into question the credibility and reliability of the audit, and may lead to skepticism or mistrust of the audit firm or the auditor.  This can damage the auditor’s reputation and undermine the value and purpose of the audit.  Furthermore, not basing answers on audit evidence can be a violation of professional standards and regulations.  Auditors are required to follow established auditing standards, which mandate the use of audit evidence to support the conclusions and opinions expressed in the audit report.  Failing to do so can lead to disciplinary action and consequences as far as having the auditor’s credentials revoked.

Auditors Failing to Understand the Technical Nature of Your Organization
There is a significant risk associated with not understanding the technical nature of the company being audited.  If an auditor doesn’t understand the technical nature and can’t properly assess internal controls, incorrect or incomplete audit conclusions may result.  In particular, if the auditor isn’t familiar with your industry or specific processes, they may not be able to properly evaluate relevant risk and vulnerabilities.  As a result, weaknesses in internal controls could be missed, resulting in serious consequences.  It’s important for auditors to have a sufficient understanding of the technical aspects of the audited organization in order to effectively and accurately perform duties.  This may require the auditor to seek additional training or guidance, or to engage technical specialists as needed.

  1. ISO 19011:2018 Guidelines for Auditing Management Systems

Previous Posts

Q1, 10th Edition Update

Q1, 10th Edition Update

Last week, the API announced the publication of Q1, 10th Edition. QSI will provide periodic...

Need assistance ensuring an effective audit for your organization?