Risk Management Blog | Pirani

Key Auditor Traits According to ISO 19011

Written by Maria Camila Arévalo | November 23, 2022

ISO 19011 is focused on the audit management that must be carried out in the risk management system, although it is not a certifiable standard, it provides a series of recommendations that help companies to have an adequate management and establish the audit plan to comply with the legal requirements that are demanded by the control entities.

Normally, organizations that implement risk management must conduct periodic audits to verify whether the action plan implemented is being effective and providing the expected results. 

However, auditors play a very important role in risk management, since they are the ones who identify if the management is being carried out correctly, if the controls are effective and if it is complying with the required standard.

With Pirani you will be able to manage more efficiently the processes, risks, controls, events and action plans associated with Corporate Governance, so your organization will be prepared for the periodic audits it will have to undergo.

Principles that an auditor must have

Integrity

Auditors who perform the role of auditors must be honest, diligent, responsible and fully comply with all legal requirements of this position, be competent, impartial and not be influenced by anyone or anything while auditing. 

Impartial presentation

The auditor must be accurate and truthful in the information provided, such as reports, documents, records, evaluations, controls, among others. He/she is obliged to disclose everything he/she observed and identified during the audit. Communication must be direct, transparent, truthful and complete.

Be professional

The manner in which they operate must be very careful, since they are the ones who have the power to make judgments during the audit.

Confidentiality 

One of their principles must be the handling of information and its security. Discretion is very important while performing the audit, since during this process they acquire a lot of information that must be protected. It is important to emphasize that you cannot use this data inappropriately. 

Independent

It must be impartial and act independently, in the case of internal audits the auditors must be alien to those responsible for risk management. They must always be objective in order to acquire truthful findings and conclusions.

Evidence-based approach

It is the method used for the conclusions of the audits, the information obtained must be verifiable, as this is the evidence of the study conducted. 

Auditor's capabilities

  • Plan the work effectively.
  • Know the risks to which an audit is exposed.
  • Identify the opportunities that may arise.
  • Performing the audit in a timely manner.
  • Establish priorities.
  • To have a clear and direct communication, both written and verbal.
  • Carry out the appropriate methodology to perform the audit (interviews, reviewing documents, records and data).
  • Use sampling tools to collect evidence.
  • Verify the information collected.
  • Document all information during the audit process.