What is the difference between a “System Consultant” and an “Auditor/Certification Body”?

There are two distinct roles that an organisation with a management system(s) should appreciate:

  1. A “System Consultant” is a person that provides system advice and development support. They are a specialist that an organisation voluntarily uses to assist with adequacy of their management system(s).
  2. An “Auditor” and/or “Certification Body” verifies management system compliance against the respective standard(s).

Whilst an individual may be skilled in both roles, there are restrictions that prohibit an auditor/certification body from performing both roles for the same organisation. The conditions for providing audit and certification services are defined in ISO/IEC 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems.

ISO/IEC 17021’s principles include “impartiality”. The standard provides that an Auditor/Certification Body must not participate in the design, implementation or maintenance of a management system that they are auditing and certifying. 

By way of providing further clarity, the following definitions derived from ISO/IEC 17021 may assist:

Management system consultancy is defined as “participation in designing, implementing or maintaining a management system
EXAMPLE:
  • a) preparing or producing manuals or procedures, and
  • b) giving specific advice, instructions or solutions towards the development and implementation of a management system.
A third-party certification audit is defined as an “audit carried out by an auditing organization independent of the client and the user, for the purpose of certifying the client’s management system.”
In effect, an auditor’s boundaries pertain to:
  1. The standard against which certification is being sought,
  2. The content and implementaion of the system being audited, and
  3. The audit process itself.
So what?
  • If an organisation’s auditor/certification body provides consultancy services to that same organisation, the certification process is at risk (so too is the certification body’s accreditation).
  • Organisations should avoid expecting auditors to provide systems advice and/or instruction.
  • If there are system development needs or queries, even when arising from the audit process, an organisation should either resolve the matter themselves or engage a management system consultant.

Leave a Reply

Your email address will not be published. Required fields are marked *

Supporting Business – Systems, Assurance and Training