Auditing vs. Consulting

Auditors want to conduct value-added audits, but they have to be careful not to offer advice that would result in consulting and thereby contaminate their independence.

A “value-added” audit adds value by providing useful information that helps an organization improve its management system and achieve its business objectives. However, this useful information should be limited to reporting nonconformities, evaluating process effectiveness, and identifying opportunities for improvement, not by providing specific solutions.

Auditors certified through RABQSA or IRCA must abide by codes of conduct that require them to act in an unbiased manner. If consulting advice is given, they may not be able to impartially assess their proposed solutions during later audits. You can see the codes of conduct at these RABQSA and IRCA web pages.

ISO 17021 provides requirements for certification bodies. Clause 4.2.4.b of that standard refers to a “self-review” threat to an auditor’s impartiality when an auditor reviews the work either done by the auditor or work resulting from consulting by the auditor.

The correct approach for handling nonconformities is to encourage the auditee to implement their own solutions. The auditor can help by reminding the auditee of the problem solving process used to uncover the root causes and determine the best corrective action.

Organizations may ask auditors for quick solutions to resolve the reported nonconformities. While this might please the auditee, it doesn’t result in long-lasting, substantial improvements. And, if you are a third-party auditor, you might inadvertently share proprietary methods from other audited organizations as you propose a solution.

Auditors add value by looking at more than just conformity to requirements. They need to evaluate effectiveness by analyzing the extent to which planned activities are taking place and planned results are being achieved. They need to find out if the organization is receiving real benefits from the management system, including the level of customer satisfaction with the delivered products and services.

Auditors also add value by adjusting their audit plans to focus on the critical areas of the business, including those areas with significant change and increased risk. Auditors must understand the technical and managerial issues faced by the industry sector in which the audited organization operates.

For more information on this subject, see the “Added value audits versus consultancy” paper at the ISO 9001 Auditing Practices Group web site. You may want to also read “How to add value during the audit process” paper at the same web site.