6 Responses

  1. Bill Hackett
    Bill Hackett at |

    Mickey,

    Thank you for confirming what I have always thought regarding small businesses, which all of my clientele are. I always have to explain, and calm down, these clients and it’s good to know I am not the only one addressing such “over kill” or requirements.

    Reply
  2. Graham Brown
    Graham Brown at |

    Thank you Mr. Christensen for a sensible article. I often think that the standards writers do not provide for small businesses, which in many cases may be a part of a much larger, maybe multinational, organisation. Death by auditing is becoming far too common because the “rules”, such as ISO 19011, are required to be followed precisely, no matter what the size of the business unit is. The problem is that these audits do not provide value but are conducted to satisfy the parent company’s certification requirements. An addendum, qualification or separate section in ISO 19011 relating to small business would appear to be warranted.

    Reply
  3. Michael Weissman
    Michael Weissman at |

    Thank you Mr. Christensen for the article. For some reason the industry still thinks of business size in terms of the number of its employees , where in reality in a digital automation age – the business should be classed based on revenue. Another point is that the audit is aimed to check company processes to meet policies and objectives and risk controls . Process failure can cause catastrophic impact regardless if the business is small or large. With this in mind , I am not sure if creating separate sections in ISO 19011 specifically related to small business would not cause at the end a diminishing effect on the audit

    Reply
    1. Curt Crumholt
      Curt Crumholt at |

      As a fellow auditor from Baton Rouge, I truly enjoyed your article, given my greatest professional challenges is to conduct audits that provide value to all involved without being a participant in “Death By Audit”.

      Reply
  4. Jackie Stapleton
    Jackie Stapleton at |

    Couldn’t agree more Mickey. I also find there is a LOT around managing the audit programme which can become confusing for small business. In some instances, as you mention this is part of the system OR it could be part of the process that the auditor also manages. It does seem overly complicated.

    Reply
  5. Dave Tootell
    Dave Tootell at |

    A very interesting opinion piece – thank you. In my opinion, ISO ISO 19011 is not designed to be a standard or requirement, rather it provides guidance for businesses of all sizes as they undertake their audit activities. As stated on page vi, “this guidance should be adapted as appropriate to the scope, complexity, and scale of the audit programme” – there’s no need to approach anything like “death by audit”. The business needs to audit as much as it needs to and not because it has to. So I view ISO 19011 as a framework for organisations to adopt a sensible and pragmatic approach to first and second party audits and the activities described within the guidance. I would add that there is no need for any auditor to audit his or her own work. I am currently setting up my own one-person business and I will be employing an experience management systems auditor to undertake the handful of audits I think my business will need – I will not be auditing my own work. There is lots of good stuff in this guidance – perhaps it just needs better interpretation in the audit arena?

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.