Back

Evaluate the competency of auditors.


CONTROL ID
15253
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Assess the quality of the audit program in regards to the staff and their qualifications., CC ID: 01150

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • select the appropriate evaluation method; (§ 7.1 ¶ 2(c), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • other requirements, such as those imposed by the audit client or other relevant interested parties, where appropriate. (§ 7.2.1 ¶ 1(h), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • conduct the evaluation. (§ 7.1 ¶ 2(d), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • determining the need for improved competence (e.g. additional training); (§ 7.1 ¶ 3 Bullet 2, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • Auditors and audit team leaders should be evaluated against the criteria set out in 7.2.2 and 7. 2 . 3 as well as the criteria established in 7.1. (§ 7.1 ¶ 6, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • The information collected about the auditor under evaluation should be compared against the criteria set in 7. 2 . 3. When an auditor under evaluation who is expected to participate in the audit programme does not fulfil the criteria, then additional training, work or audit experience should be unde… (§ 7.5 ¶ 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the management system disciplines to be audited; (§ 7.2.1 ¶ 1(c), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the methods for auditing; (§ 7.2.1 ¶ 1(b), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the complexity and processes of the management system to be audited; (§ 7.2.1 ¶ 1(d), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the size, nature, complexity, products, services and processes of auditees; (§ 7.2.1 ¶ 1(a), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the uncertainty in achieving audit objectives; (§ 7.2.1 ¶ 1(g), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the types and levels of risks and opportunities addressed by the management system; (§ 7.2.1 ¶ 1(e), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the objectives and extent of the audit programme; (§ 7.2.1 ¶ 1(f), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • preventing and resolving conflicts and problems that can occur during the audit, including those within the audit team, as necessary. (§ 7.2.3.4 ¶ 1(d) Bullet 6, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • cultural and social aspects of the auditee. (§ 7.2.3.2 ¶ 1(c) Bullet 4, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • This information should be matched against that listed in 7.2.3. (§ 7.2.1 ¶ 2, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • The criteria should be qualitative (such as having demonstrated desired behaviour, knowledge or the performance of the skills, in training or in the workplace) and quantitative (such as the years of work experience and education, number of audits conducted, hours of audit training). (§ 7.3 ¶ 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the various methods outlined may differ in their reliability; (§ 7.4 ¶ 1(b), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • The evaluation should be conducted using two or more of the methods given in Table 2. In using Table 2, the following should be noted: (§ 7.4 ¶ 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • Auditors should possess the necessary attributes to enable them to act in accordance with the principles of auditing as described in Clause 4. Auditors should exhibit professional behaviour during the performance of audit activities. Desired professional behaviours include being: (§ 7.2.2 ¶ 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • the methods outlined represent a range of options and may not apply in all situations; (§ 7.4 ¶ 1(a), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • a combination of methods should be used to ensure an outcome that is objective, consistent, fair and reliable. (§ 7.4 ¶ 1(c), ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • application of standards or references to different audit situations. (§ 7.2.3.2 ¶ 1(b) Bullet 5, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • needs and expectations of relevant interested parties that impact the management system; (§ 7.2.3.2 ¶ 1(c) Bullet 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • general business and management concepts, processes and related terminology, including planning, budgeting and management of individuals; (§ 7.2.3.2 ¶ 1(c) Bullet 3, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • contracting and liability. (§ 7.2.3.2 ¶ 1(d) Bullet 3, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • type of organization, governance, size, structure, functions and relationships; (§ 7.2.3.2 ¶ 1(c) Bullet 2, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • statutory and regulatory requirements and their governing agencies; (§ 7.2.3.2 ¶ 1(d) Bullet 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • basic legal terminology; (§ 7.2.3.2 ¶ 1(d) Bullet 2, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • Obtain an understanding of the other practitioner's professional competence. (The service auditor may make inquiries about the other practitioner to the other practitioner's professional organization or to other practitioners, inquire about whether the other practitioner is subject to regulatory ove… (¶ 2.172 b., SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)