Hi everybody,
This should be a brief story about audit, compliance, and non-compliance, but I will confess that I have no idea how to get started. It may be because I simply want to talk to you about audit. Let me ask you something: do you know any auditor jokes?
Okay, I’ll tell you one, but you owe me one … maybe better than mine.
“Why did the auditors cross the road? Because they looked in the file and that’s what they did last year.”
You did not expect that, did you? If you didn’t get it, no worries. Just like my daughter keeps telling me, I am the only one laughing at my own jokes.
I found out where to start and, I promise, I will not say anything boring and I will not refer to charts and tables. Not now anyway… (in case you didn’t notice … a new joke.)
A few days ago I was contacted by an old friend, a quality manager, who asked me when I was able to schedule a “face to face” internal auditor training course.
Knowing that he is a very busy person and he likes self-study, his question surprised me.
– For you, Sebastian?
– Yes, but I would like to discuss the possibility of you going to Perth. My colleagues and I want to be face-to-face for an in-house training session.
– But I know you have a very good internal audit team, something wrong?
– No one in my team left if that’s what you think, but I understand that the new “guide for auditing” changes the rules a bit and adds the risk-based approach.
– You refer to “ISO 19011: 2018 Guidelines for Auditing Management Systems“, which replaced the 2011 version, right?
– Yes, exactly, and my boss just warned me by referring to a quote that I think he found on the internet, “If you think compliance is expensive – try non-compliance.”
– Yes, I know about it, it seems to belong to Paul McNulty, Former U.S. Deputy Attorney General. I think he’s right, and you know that as well as I do. The good news, Sebastian, is that you have a boss who understands well what “non-compliance” means. Tell me, how you want us to proceed
For those who are not familiar with ISO 19011, I have to tell you that it is not a standard for the management systems themselves.
ISO 19011:2018 “provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process. These activities include the individual(s) managing the audit programme, auditors and audit teams.”
I talked to Sebastian about his fears about the new version of ISO 19011: 2018 and I think one of the most important changes is the introduction of the risk-based approach.
Denise Robitaille, Chair of the ISO project committee that revised the standard, said: “Other key changes in the 2018 version include the addition of a risk-based approach to the principles of auditing to reflect the enhanced focus on risk in both management standards and in the marketplace. There are tips on auditing risks and opportunities as well as information on applying risk-based thinking to the audit process. In addition, guidance has been expanded in a number of areas such as managing an audit programme and conducting an audit.”.
The principle to which Denise Robitaille refers to brand new. Risk-based approach: an audit approach that considers risks and opportunities.
The risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the audit client, and for achieving the audit programme objectives.
Considering this new principle, we will find references to risks and opportunities in all the standard’s chapters (e.g. 5.3 Determining and evaluating audit programme risks and opportunities).
About all the other requirements of the new standard, I make documented references in my course “Internal Auditing Based On ISO 19011:2018“. The training material contains over 300 pages of information and practical examples.
If that matters to you, YES, I am personally available for two days wherever I have this training course planned, or anywhere and whenever you want us to work together.
I also consider the one-to-one option if it is something you are looking for.
Delivered on-site at your offices or training facilities, these one-to-one training courses provide a range of highly tailored learning for busy professionals.
I have the knowledge, experience, and energy. I put passion in what I do and I engage 100%.
I invite you to find out more about this training event, HERE.
Want to learn more about how we can work together? Do not hesitate to drop me an email at ion@iqualityservices.com.au.