There are two distinct roles that an organisation with a management system(s) should appreciate:
- A “System Consultant” is a person that provides system advice and development support. They are a specialist that an organisation voluntarily uses to assist with adequacy of their management system(s).
- An “Auditor” and/or “Certification Body” verifies management system compliance against the respective standard(s).
Whilst an individual may be skilled in both roles, there are restrictions that prohibit an auditor/certification body from performing both roles for the same organisation. The conditions for providing audit and certification services are defined in ISO/IEC 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems.
ISO/IEC 17021’s principles include “impartiality”. The standard provides that an Auditor/Certification Body must not participate in the design, implementation or maintenance of a management system that they are auditing and certifying.
By way of providing further clarity, the following definitions derived from ISO/IEC 17021 may assist:
a) preparing or producing manuals or procedures, and
- b) giving specific advice, instructions or solutions towards the development and implementation of a management system.“
- The standard against which certification is being sought,
- The content and implementaion of the system being audited, and
- The audit process itself.
- If an organisation’s auditor/certification body provides consultancy services to that same organisation, the certification process is at risk (so too is the certification body’s accreditation).
- Organisations should avoid expecting auditors to provide systems advice and/or instruction.
- If there are system development needs or queries, even when arising from the audit process, an organisation should either resolve the matter themselves or engage a management system consultant.