Avoiding auditing pitfalls | CQI | IRCA Skip to main content

Avoiding auditing pitfalls

Published: 8 Jun 2021

Stanley O'Donnell IRCA Principal Auditor, has conducted audits globally in a variety of industries including aerospace, medical, oil and gas, to name a few. He has experienced many pitfalls when auditing and shares some of the obstacle’s auditors should avoid.

When auditing any internationally recognised management system e.g., ISO 9001 (quality), AS9100 (quality for the Aviation, Space and Defence industry) or ISO 14001 (environmental management), the objective is to provide unbiased facts and observations at the time of the audit.

Areas of weakness addressed by audits, such as poor performance or noncompliance with the standard, will indicate where opportunities for improvement (OFI) or observations (OBS) can be made. Subsequently, OFI and OBS can be implemented to benefit the organisation and its customers.

What are the pitfalls in the audit process?

In my experience, poor communication in terms of the auditor’s perspective and the auditee’s understanding is the single biggest cause of failure inhibiting a successful audit outcome for both parties.

Pitfall 1: Auditors must remember that the auditee representative may not have the entire quality system or other management system as their primary responsibility and therefore may not have same level of in depth understanding as the auditor. The auditor should therefore listen carefully to the auditee response to judge whether or not they have understood the question.

Pitfall 2: Auditor becomes opinionated in relation to the standard. This occurs when auditors have audited to the standard so many times that they believe their interpretation of the intent and implementation of the standard content is the only correct benchmark by which to assess the auditee’s quality management system. This leads to bias in their results.

Poor planning leads to poor performance. Therefore it is vital that when planning an audit that auditors should: 

  • Learn about the company and its industry sector before conducting the audit;
  • Be competent and understand the technical aspects involved in the audit; and
  • Prepare checklists and audit schedules which are relevant to the function or operation being audited.

Audit approach

The auditor’s approach and interaction with the auditee is critical to a successful audit. If the auditee feels they cannot trust the auditor in their professional capacity, the results will not provide an accurate snapshot of the state of the management system at the time of the audit.

It is also crucial that when conducting an audit, key personnel being audited are not permitted to leave the audit area. Staff leaving the area can cause delay and disruption to the audit flow, which in turn can lead to incomplete coverage of the subject/function being audited.

Another important aspect of the audit is to keep contemporary notes related to the findings and documents, personnel involved, and when the audit finding occurs. They must be concise as to the who, why and what led to the notes being recorded.

A lack of objectivity and the use of assumption instead of fact are cardinal sins for an auditor. This is seen in cases where the auditor performing an audit assumes that due to their own experience and the number of audits they have performed, they know everything about the standard, and their opinion cannot be challenged

Another pitfall is when auditors assume that some of the requirements – as written in the standard – is more relevant or important to the audit, the standard, the management system and the company than is in fact the case.

Auditor’s opinions, irrespective of experience or number of audits performed, are subjective and do not have any relevance or function in an audit situation.

Classifying the audit findings

Classification of major or minor issues in audit findings result in an unclear or inconsistent audit. Although the textbook definitions are quite clear as to what constitutes a major or minor finding, on occasions it may be difficult to differentiate. 

The two simple questions for minor findings in OFI and OBS are:

  • Should it be complied with? If so, it is a minor; and
  • Will it improve the effectiveness and compliance of the system? If so, it is an OFI or an observation.

Auditors are not encouraged to direct or advise the companies they audit, this is because the auditor’s involvement as an adviser could be construed as a vested interest, which would corrupt the audit process. Moreover, if the company complies with the auditor’s direction which results in damage to the company, the auditor can be held liable.

Follow up and closure 

This area of the audit is the most critical of all. If the corrective action to an audit finding is not successful, then the audit and the audit findings were a wasted exercise. To avoid this, auditors must act in a timely and diligent manner at the following stages:

  1. Review of suggested root cause and corrective actions sent by the auditee.
  2. Timeline for completion of corrective actions and criteria for measuring successful outcome.
  3. Actual follow up and assessment of results with the auditee.

The pitfalls listed above have two themes, familiarity and longevity, as the root cause of failure. learning about these issues and themes is critical to overcome bad habits.

Above all, the auditors’ main duty is to provide honest, unbiased, objective service to those companies it audits. Below are a few simple tips:

  1. As an auditor, read the standard slowly once every three months to keep the details fresh in your mind, and avoid forming personal opinions or interpretations.
  2. Do your best to make every audit a value-add experience to those involved. If you are direct, friendly, and positive it will encourage a similar reaction from the auditee
  3. Remember your primary objective:

- Examine what exists in the company management system at the time of the audit, both positive and negative.

- Provide an objective report at the end of the audit process, which can be used by the company to correct noncompliance and improve its management system.