To achieve any level of accreditation, in any discipline requires the applicant to undergo a level of training and experience that will fit them to carry on their profession with minimal risk to their clients. So, for example, a doctor must have specialist undergraduate training, followed by post graduate training and experience prior to achieving any registered status and being allowed to practice (interesting word in this context) on the population at large. Even after that hurdle the same doctor is required to jump further hurdles before being able to expand his range of activities beyond the original scope.
All of this is reasonable, and usually ensures that our medical care is safe and secure under the watchful eye of the accreditation system. But what of our auditors?
It is a fact that outside some specialist areas – of which finance is typical – individuals can set up in business as untrained auditors and legitimately carry on in the same manner as their qualified associates. That however is not the issue I would raise here. My concern is for auditors who despite any specialist auditor training as auditors are just not up to the job.
Increasingly, customers of certifying organisations (registrars) are dissatisfied with the performance of the auditors whose services they have to pay for. For many the continued registration of their organisation with minimal inconvenience is no longer sufficient. The skill set of the auditor is now no longer adequately contained within the training and experience envelope of their registration conditions.
ISO 17024 sets out to establish a mechanism for objectively measure competence. By clearly defining requirements of performance and competencies it has set forth the possibility to provide a starting point in the auditor certification process, possibly removing from the accreditation process potential auditors with not enough business management ability and awareness.
Complaints showing up against registered auditors are mostly (around 90%) dealing with auditor conduct on site, rather their personal skills or knowledge.
The difficulty with improving the quality of auditor applicants for registration lies largely in the definitions of auditor requirements, typically shown by ISO9001, where competence is defined as the ability to apply knowledge and skills. Training therefore concentrates on the acquisition of knowledge and skills for the auditor job, as perceived by the registration organisations.
Essentially what is required is a set of psychometric tests to eliminate potential auditors with no real experience, ability or inclination to conduct audits that are applicable and valuable to the organisation in which they work. To create such tests would require an in depth knowledge of the required attributes of an effective auditor, and it isn’t probable that either the registrars or the auditor registration organisations would attempt to explore that domain.