The Certificate, even if recorded on a professional register, is never enough
Competence is defined as the ‘ability to apply knowledge and skills to achieve intended results’. And so it is with ISO Auditor Competence. For Lead Auditors and their Audit Team Members, the requirements are clearly spelt out.
Do you have what it takes to be a Lead Auditor?
In clause 4.3.3 of ISO 17021-1, the ISO Standard for Certification Bodies - competency is a key requirement for the certification body to have an implemented process for the establishment of competence criteria. This will be used for the personnel involved in the audit and other certification activities as well as to perform evaluations against the criteria.
Also, 'the certification body shall have processes for selecting, training, formally authorizing auditors and for selecting and familiarizing technical experts used in the certification activity'.
The initial competence evaluation of an auditor, by the Certification Body, ‘shall include the ability to apply required knowledge and skills during audits, as determined by a competent evaluator observing the auditor conducting an audit’.
Auditor Qualifications
Auditors are required to demonstrate certain knowledge and skills including the following:
For Audit Team Members
- Knowledge of specific management system standards/normative documents
- Knowledge of certification body’s processes
- Knowledge of client’s business sector
For Lead Auditors, in addition to the four Knowledge and Skillsets, the following are also required:
- Knowledge of business management practices
- Knowledge of audit principles, practices and techniques
- Knowledge of client products, processes and organization
- Language skills appropriate to all levels within the client organization
- Note-taking and report-writing skills
- Presentation skills
- Interviewing skills
- Audit-management skills
Auditor competence, then, goes beyond a knowledge of the standard or the completion of a Certified Auditor Course.
Who sets the criteria and who evaluates, and decides on ISO Auditor competence?
Competence is defined as the ‘ability to apply knowledge and skills to achieve intended results’ (EN ISO 9000:2015, para 3.10.4).
In clause 4.3.3 of ISO 17021-1, the ISO Standard for Certification Bodies, competency is a key requirement. The certification body must have an implemented process for setting competence criteria for the personnel involved in...
- the audit,
- other certification activities and
- performing evaluations against the criteria.
Also, the Certification Body must have processes for selecting, training, and formally authorizing auditors and for selecting and familiarizing technical experts used in the certification activity. The initial competence evaluation of an auditor, by the Certification Body, ‘shall include the ability to apply required knowledge and skills during audits, as determined by a competent evaluator observing the auditor conducting an audit’.
So, the application of what knowledge and skills must an auditor demonstrate?
Can a Training Organization or a professional body determine an ISO Auditor's competence?
No! The two things to note are...
1) in determining competence, the auditor must be observed conducting an audit and
2) the observer must be provided by the Certification Body.
So, as required by ISO 17021-1, this is the certification body's responsibility and it is the Certification Body that decides on an auditor's competence and maintains evidence of such competency.
Must an ISO Auditor maintain an Auditor's Log and be re-trained or re-certified every 3 years?
Again, no! There are no such requirements in ISO 27001-1. The certification body must, of course, ensure the auditor's ongoing competence. Re-training, conversion training, and the extension of scope (add other ISO standards) may be part of maintaining competence. Experience over 25+ years tells us that practical and frequent experience in carrying out audits is a more significant component in maintaining competency than training.
Certified Auditor Training is important, but it is only one step on the way to your becoming a competent ISO Auditor.
For further information…
If you'd like further information, try these links.
- ISO 19011: 2011 - Guidelines for auditing management systems
- ISO 17021-1: 2015 - Conformity assessment -- Requirements for bodies providing audit and certification of management systems -- Part 1: Requirements
- ISO/IEC TS 17021-2:2012 - Part 2: Competence requirements for auditing and certification of environmental management systems
- ISO/IEC TS 17021-3:2013 - Part 3: Competence requirements for auditing and certification of quality management systems
For a little fun, assess your Auditing Skills
Curious to know how your auditing skills measure against ISO standards? Try our internal auditor skills checker for free by clicking the button below.
Related Articles
- 5 Reasons Why Assessing the Competence of Auditors is a Must
- Certified ISO Auditors need further training - It's About Competency
- ISO 9001 Competence, Awareness, and Communication
- Do ISO Lead Auditor Training Days Matter?
- How to become an ISO Lead Auditor
Note: First published July 2020; revised and updated June 2022.
deGRANDSON Global is an ISO Certified Educational Organization
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.