This article was published on the 13th February on Bywater’s site
With this article I’m hoping to prompt discussion about the auditor pool we select from, particularly internal auditors. This started after a comment from a 3rd party certification body where I was told their issue was succession planning and how to deal with an auditor pool where the majority of individuals were well past ‘normal’ retirement age. Now, as a ‘seasoned’ quality professional, I’m all for opportunity at the end of my career and there is great logic in having a good selection of experienced people in your ranks but, as in all things, there has to be balance.
Mirroring the suite of Management System Standards coming out of ISO’s technical committees there seem to be endless ISO / IEC 17021 – xx documents describing 3rd party certification auditor competence and, in the brave new world of demonstrated ability, these documents don’t define auditor competence by a minimum length of stay in a particular technical sector. As a colleague described it: 20 years experience on a cv can be demonstrated progression in a chosen field or one year’s experience repeated 20 times. Nevertheless it takes time to understand sector context, industry tools and techniques, jargon used and regulatory requirements that apply, all things covered in the latest draft of ISO 19011 and 17021 – 3, and hence you need some mileage on the clock to pick them up.
What about internal auditors, do the same rules apply? I say no. Auditors should be selected based on personal capability and behaviours, in particular intelligence and curiosity. If you are lucky enough to be able to afford one, look no further than your graduate programme. These are the best of the new intake to the organisation, proven to have enthusiasm, perhaps tested on assessment days and identified as the ‘best of the best’.
When graduates join you on day 1 they are all desperate to get under the bonnet of your organisation and understand how it works. As an early part of their graduate scheme get them auditing your management system. They bring with them latest thinking and technologies in their field and an inquisitive nature. With the licence to follow their nose, communicate with people working at all levels in the process(es) you operate and to challenge current thinking they can provide a real ‘fresh eyes’ look at what you do.
Of course they’ll need some training in your audit process and as they go they’ll make mistakes and tread on some toes but my bet is that you will get some real nuggets from their insight and fresh thinking about your way of working including how your system is portrayed in systems including documents. The individuals will gain a great deal, too. Having to challenge senior colleagues if poor practices or ineffective controls are found and then to have to report back to function managers is character forming.
Give it a go, particularly if your current internal audit programme is seen as a check box exercise and results generally fall into the ‘And? So what?’ category. This way of holding a mirror up to your organisation is bound to give you value way beyond what you expend.