The Auditor From Hell!


Sadly folks, he is alive and well and ready to inflict misery on a company near you. I can say that I have seen him with my own eyes, and he is not pretty. But what do we mean when we joke about this comedy incompetent? Well, here’s what I see most often

Planning is for wimps!

A significant part of my lead auditor courses are devoted to audit planning, and everyone immediately sees why “planning” is so important. But how often do you get anything resembling an audit plan from your third party auditor? If you’re lucky you may get an unexplained list of clauses that he intends to cover, but does he give you a timetable? I have seen several examples where an auditor has turned up to perform a multi-site audit without giving an indication even which site he intends to visit on a given day. Why is this important? BECAUSE THE WORLD DOES NOT REVOLVE AROUND, OR STOP FOR, THE AUDIT!

Clients are busy people. They have specific working patterns, customer visits, operational pressures THEY NEED TO KNOW. The reason auditors don’t like drafting audit plans, of course, is that planning is usually NON-CHARGEABLE. It is a pre-audit activity that most third party auditors (as non-salaried sub-contractors) don’t get paid for. Is that an acceptable excuse? I don’t think it is

Additionally, on more than one occasion, I’ve heard an auditor insist that he must cover “all clauses on each site”. What is the rationale behind that? Different sites usually do different things, some things (design for instance) may be limited to one site. Top management functions are often housed at HQ. This approach is a nonsense and only confirms that this guy probably does not understand the concepts of process, system or the general dynamics of an organisation.

The audit scope? Why, my pet subject, of course

All audits should be performed to an agreed audit scope. The scope being defined as the limits and boundaries of the audit. The application of a scope naturally assumes that some things are going to be outside the scope of an audit. But what happens if that turns out to be your favourite thing in the whole world? On a couple of occasions I have seen “health & safety” listed as a topic to be reviewed during a QMS audit to ISO 9001. Well, important as this may be (and with the possible exception of “noise” as referred to in clause 6.4), it is sadly outside the scope of ISO 9001. Other auditors, I find, have an inordinate fondness for auditing cosy subjects like training records, with a disproportionate allocation of time between operational and back office functions. Why would this be? Well, I could suggest that back office functions usually involve being nice and warm, sitting down and being supplied with regular tea and biscuits (see below), whereas operational aspects can be cold, noisy, wet and involve too much standing up. And none of us likes that!

The Blabbermouth

When the auditor is talking he is gathering no useful information, and some of them do A LOT of talking. Oh, the places he’s been, the companies he’s “added value” to (see below). A hero indeed. Even if these stories are ever true (and I do have my doubts about most of them) they are wholly irrelevant to the execution of the day job. A critical quality of a competent auditor is knowing how to shut up and listen. Blabbermouths often like boasting about their glorious achievements and any horrors they have encountered. Thrilling those these tales may be, remember one thing, next week it is likely to be you he is talking about.

Mr “disaster waiting to happen”

Auditors need to understand that risk is a function of likelihood and severity, and that proportionality of controls relies on an accurate assessment of these factors. Not all auditors have allowed this penny to drop, unfortunately. Many see it as their job simply to identify a risk, and then demand some sort of action, irrespective of the magnitude. In the English speaking world, we call them nit-pickers. A term with a questionable linguistic origin, but we all know what it means, and it fits all too many practitioners

Back of a Fag Packet Audit Reports

Q. What is an audit report?

A. Management information

That’s what an audit report is, pure and simple. Or at least that is what it can be. Trouble is, our auditor from hell likes his short cuts. This can involve the use of pre-populated audit reports, consisting of a range of stock cut and paste conformity statements. Highly useful management information, I don’t think. The very idea that you can audit a College on one day and a waste contractor on another and write pretty much the same report and consider that to be OK is ludicrous

The “Value Adder”

If we are to believe the marketing departments of certification bodies, they will be sending some sort of turbo-charged Tom Peters who will (at the same time as doing the conformance audit) perform an insightful diagnostic on our business and deliver a treasure trove of hitherto unknown facts that will give our business “the edge”. This is ludicrous, of course, not least because that if it were true they’d be able to charge a heck of a lot more per day than they do. Unfortunately some third party auditors appear to have swallowed the hype hook line and sinker. The result? An audit report crammed with bizarre “AFIs” which, for the sake of politeness, we are supposed to receive as sage nuggets in the closing meeting. You could call this harmless, but there are generally two problems that this obsession can cause. First it distracts them from the day job – performing a conformance audit – and second it can clog the process up with pointless and irrelevant data

The biscuit bandit

In the colonies your equivalent may be known as the Donut Bandit, but he will exist. This fellow will be no trouble at all provided you keep him copiously stoked up with his snack of choice. Unfortunately he may be highly reluctant to visit any area where the snack is not to be found, resulting in a highly superficial scrutiny of these functions with sub-standard levels of hospitality, like operations.

Who is to blame?

I’ve heard many people blame the IRCA and trainers for this dearth of competence but, while I do accept there are some rotten trainers around, I think on balance that is unfair. You might say I would say that. In general terms the responsibility for ensuring that your staff are competent lies with you, the employer. Trainers may or may not help, but if the training has been ineffective YOU DEAL WITH IT. Even if the training has been excellent, how long can you expect the effects to last? I know better than anyone else what a transient influence I am on my customers. I may spend 5 days of my life with them, then I am gone. What happens when we go our separate ways? I rarely find out. Blaming the trainer is like blaming the driving school that taught a driver that caused a fatal accident. Does that ever happen? No, and with good reason, it would be nonsense. For me the responsibility lies with the certification body and it would be nice if they were prepared to live by the requirements of clause 6.2.2, rather than just expect that of their clients

This entry was posted in Auditing and tagged , , , , , . Bookmark the permalink.

4 Responses to The Auditor From Hell!

  1. Rob says:

    All sensible stuff here. We’ve been developing a new approach to internal auditing since Xmas. It’s starting to come together. It may be worth you popping in a couple of months? May be something that can be developed further by yourself?

  2. Shaun says:

    Glad to hear things are moving on. You certainly started things the right way by involving your team and asking things like “what are we trying to achieve?” and “what are our customers’ priorities for our management system?”. This was always going to be a good starting point if your end game was this elusive “value”

    There are a lot of discussions and threads on how to get value from internal audits, but I rarely find the resultant debates particularly realistic. They generally get bombarded with generic platitudes from pontificating consultants, whereas I am always nervy about generic one size fits all answers, as we don’t all have the same objectives, customers, cultures or priorities. As an example, I’ll be doing something similar to what I did with you with a College next month. I have no idea what will be the outcome, I just know we’ll try to follow a similar process to get at it. Even though your system appears to work for you, they may want something different, and who am I to argue?

  3. This a good diagnostics of happenings in the industry. Your observation could not have been more true in all parameters. Auditors have to inculcate in themselves what they are preaching to others. Planning is an essential ingredient of planning, and if you don’t get this right, the outcome is doomed to failure.

  4. Ashok Deobhakta says:

    A thoroughly enjoyable article-An audit report on an auditor. They say humor is a serious business.
    But such material can be an excellent training exercise.
    The real culprit, of course is clause 6.2.2, as pointed in the concluding lines of your blog. I remember,a leading certification body, in the UK, had a cell designated for Calibrating their auditors, before the auditors were empaneled and to maintain their competence regularly. I am sure they must be continuing with their programs, even now. But, your article is great.

Leave a Reply

Your email address will not be published. Required fields are marked *