Organizations are using audits to provide assurance to their customers that their operations are in compliance with Acts and regulations. Audit integrity and avoidance of auditor failures is an essential component.
These Acts and regulations will pertain to their operations and the associated jurisdictions (i.e. Federal, Provincial, State, etc.).
A key to achieving this goal is Audit Integrity.
However, there can be a number of pitfalls when ensuring Audit Integrity:
I ran across this article in the EHS http://ehsjournal.org/http:/ehsjournal.org/lawrence-cahill-robert-costello/ehs-audits-classic-auditor-failures/2012/
And Lawrence Cahill and Robert Costello try to identify what has been termed as classic auditor failures which may affect Audit Integrity
Avoidance of Auditor Failures
Have been categorized into
- ethical and technical dilemmas,
- the need to stay technically and functionally competent, and
- the need to have interpersonal skills and attributes
The article cites the International Organization for Standardization (ISO) 19011:2011 auditing guidelines and describes:
- Acting with fortitude
- Open to improvement
- Culturally sensitive
As a consequence, auditors often stumble during the process, and based on numerous observations and experiences, this happens to both internal and third-party EHS auditors.
This article written by Lawrence Cahill and Robert Costello presents ten classic auditor failures and discusses ways to avoid them (which have been reposted in a summary).
The following lessons are aimed principally at relatively new auditors, but a seasoned veteran should also take note.
1. Overall Approach – Defining Success
Wrong: “We’re there to find problems. It’s almost like we’re getting paid by the finding.”
Right: “We’re there to help the site improve.”
The role of the auditors is to be professional, independent, objective, and without bias and to let the facts dictate the outcome.
2. Preparation and Planning
Wrong: “We’ll hit the ground running on Monday; real-time planning is the way to go.”
Right: “We must be sensitive to the site’s scheduling needs; we should set an agenda prior to the audit and be on time for all events.”
The auditor’s job is to be on time consistently for interviews, even if site staff is not.
Site staff should not have to come looking for auditor.
Wrong: “I have a lot of other work to do while I’m on the audit; I hope we have a good cell connection. I also need to be on the Internet with my laptop.”
Right: “This is going to be a very long week. I have some other work that I will have to do in the hotel at night. I hope the hotel has a fast wireless Internet connection.”
Auditors must be discrete in the use of any communication devices during an audit.
Checking messages and conducting other work should be done on your time.
4. Auditor Posture Towards the Site
Wrong: “They will hide things from us; we must be suspicious.”
Right: “They will be open and candid; still, we should be thorough.”
“Trust but verify” was a signature phrase adopted and made famous by U.S. President Ronald Reagan.
Auditors must be rigorous in the evaluation but not necessarily suspicious of auditee’s behaviour.
5. Findings Ownership
Wrong: “The findings are mine; the site doesn’t have to agree.”
Right: “We can negotiate the findings but the final call is mine.”
Auditors need to be open to the auditee’s point of view on the technical merit of any particular finding.
In auditing, there are issues that are far from black and white.
6. Findings Credibility
Wrong: “Findings can be based on my opinion; after all, that’s why they’re paying me.”
Right: “My findings should be defensible; they should be based on specific requirements.”
Auditors should be principally evaluating the site’s status against these requirements.
An auditor’s personal opinion brings in a bias.
Any observation needs to be fundamentally sound and defensible.
7. Day-to-Day Communications
Wrong: “We are secretive with the findings until the closing conference. We want to see the expression on their faces when we discuss the deficiencies.”
Right: “We communicate openly and freely throughout the on-site process. We want to get it right.”
The onsite communication should be transparent throughout the audit.
There are benefits to all concerned when potential findings are communicated when observed.
8. Scheduling the Closing Conference
Wrong: “The closing conference will be scheduled based on my travel wishes.”
Right: “The closing conference will be scheduled to ensure that we’re done and the plant manager can attend.”
A closing meeting (if required) can make or break an audit.
Auditors should be flexible when scheduling the meeting to ensure maximum participation.
9. Communicating Post–on-site Findings
Wrong: “It’s okay if there are new findings in the report that were not discussed while the team was on-site.”
Right: “New findings will be very unlikely; if this situation occurs, we will alert the site before we issue the draft report.”
It is the goal of every audit team to be done with the audit before leaving the site.
Auditors should follow a “no surprises” philosophy.
10. Follow-on Work (third-party auditors)
Wrong: “This audit is going to be great! I’ll bet there’s $100,000 in follow-on work for us.”
Right: “We need to be clear about how we handle any potential follow-on work. Let’s wait until the audit is over and see what the client’s expectations are.”
Audits can be a source of follow-up work for third parties.
Third-party auditors need to understand the rules with regard to follow-up work any audit assignment.
Wrong: OVERALL…“We were relentless in identifying, justifying, and reporting all of the site’s deficiencies.”
Right: OVERALL…“We made a substantial difference in improving the safety and environmental performance at the site.”
The overall value of an audit should not be judged by the number of findings.
Focus should be on the value added to the site and the reduction in risk realized as a result of the audit.
The value of the audit is maximized when auditors collaboratively work with sites to reduce risks.
In summary, maintain audit integrity to avoid auditor failures.
ISO 19011:2011 provides additional guidance on auditor expectations.