ISO 19011 is focused on the audit management that must be carried out in the risk management system, although it is not a certifiable standard, it provides a series of recommendations that help companies to have an adequate management and establish the audit plan to comply with the legal requirements that are demanded by the control entities.
Normally, organizations that implement risk management must conduct periodic audits to verify whether the action plan implemented is being effective and providing the expected results.
However, auditors play a very important role in risk management, since they are the ones who identify if the management is being carried out correctly, if the controls are effective and if it is complying with the required standard.
With Pirani you will be able to manage more efficiently the processes, risks, controls, events and action plans associated with Corporate Governance, so your organization will be prepared for the periodic audits it will have to undergo.
Auditors who perform the role of auditors must be honest, diligent, responsible and fully comply with all legal requirements of this position, be competent, impartial and not be influenced by anyone or anything while auditing.
The auditor must be accurate and truthful in the information provided, such as reports, documents, records, evaluations, controls, among others. He/she is obliged to disclose everything he/she observed and identified during the audit. Communication must be direct, transparent, truthful and complete.
The manner in which they operate must be very careful, since they are the ones who have the power to make judgments during the audit.
One of their principles must be the handling of information and its security. Discretion is very important while performing the audit, since during this process they acquire a lot of information that must be protected. It is important to emphasize that you cannot use this data inappropriately.
It must be impartial and act independently, in the case of internal audits the auditors must be alien to those responsible for risk management. They must always be objective in order to acquire truthful findings and conclusions.
It is the method used for the conclusions of the audits, the information obtained must be verifiable, as this is the evidence of the study conducted.