Auditor & Consultant relationship – The risks
Impartiality risks are a threat to Certification Bodies (CB’s). But they can also pose a significant threat to the client and to other interested parties. Here are a few examples of those threats due to an underlying auditor & consultant relationship, and what can be done to eliminate them.
Example 1: The Certification Body operates an associated consultancy.
Whilst a certification body is not allowed to offer consultancy, it is common practice that CB personnel operate or have involvement in consultancies as a separate business (and a clear auditor and consultant relationship exists). This poses a risk to a number of interested parties. First of all, the certification client may be sceptical of audit findings, knowing the auditor might refer its sister consulting company to come in (again, for a fee), to fix up the issues. Secondly, if the client already uses a consultant, how can the consultant trust that the Certification Body isn’t going to come in and use inside information (via the audit process) to undercut the existing consultant and offer the services of its sister company? Thirdly, if the audit body and consultant are too closely attached, the auditor is in effect auditing their own work. If I am auditing the work my sister company has produced, can I really offer an impartial opinion?
One way of mitigating these risks (and the method Adaptive Certifications uses), is for the certification body to refuse certification services altogether (that is, by any auditor, not just those who have consulted) to any client of an associated consulting body. In our case, the clients of 3 consulting bodies are barred from our certification services, as the relationship has been deemed too close. Whilst this may result in lost opportunities (we run a “do not certify” register of clients who may otherwise be happy for us to certify them), the risk mitigation gives other consultants assurance that their clients are in good hands and won’t be poached and gives the client additional confidence in audit findings. As the saying goes, sometimes by closing one door, others open.
Accreditation Information | Adaptive Certifications | Australia
Example 2: A certification auditor also works as a consultant.
This is a common occurrence – after all, a consultant with much experience in management systems is also well-placed to carry out audits. One of the threats this may pose is the auditor may be tempted to raise issues during the audit and then offer to come back to fix them as a consultant (for a fee, of course!). Be wary of an auditor offering this, and ensure it is reported to the certification body.
An auditor must not sell their consulting services during an audit. Should the client learn through other channels that the auditor is a consultant and wish to use them as a consultant, a proper process will ensure the auditor’s original findings are accurate and not self-motivated. In cases where an auditor may be selected and has already consulted, audit bodies must have a process to ensure this does not occur. The most common mitigation for this risk is to ban an auditor from auditing a client they have consulted within the past 2 years.
Example 3: The client has had the same auditor for many years.
This may seem beneficial to the client because either “better the devil you know” or “the auditor knows our business very well” can pose a significant risk to the client. Auditors, like all people, can become complacent over time, and miss obvious issues that don’t get picked up in an audit. Whilst this may seem handy for the client (we all want to pass, right?!), it’s not handy if the client is consistently breaching a legal requirement and ends up with fines, or worse, someone injured, because their systems weren’t effective, and the auditor overlooked it.
It can also pose a problem when the client inevitably gets a new auditor, as the new auditor might quickly realise the client is nowhere near compliant. Going from an easy pass one year (with a complacent auditor) to major nonconformances the next (with a new, more effective auditor) is never nice.
One way of mitigating this risk is to vary audit team members. Whilst it is not good to have a new auditor every year, it is good practice to at least add an additional team member every few years to provide some fresh insight. This is helpful for both the auditor and the client. Ultimately, where there is too much familiarity (and potential complacency), it is also helpful to transfer to a new lead auditor altogether at some point. After all, there is nothing like a fresh set of eyes.
Example 4: The Certification Body provides “kickbacks” to consulting bodies to win their work.
Certification bodies are not allowed to advertise that certification will be cheaper, easier or shorter by using a particular consultant. That said, some CBs have found a way around this by offering discounts on their certification fees to clients of consultants that sign up for their referral programs (yes, it’s a fine line – and they seem to get away with it!).
At Adaptive, we avoid this risk by making it our policy not to offer inducements to consultants. And to counter the discounts offered by other CB’s, we just don’t charge certification fees to begin with! After all, if these can be reduced and cancelled to win a client, the question must be asked – what were they being charged for in the first place?!
About us!
Adaptive Certifications treat impartiality seriously (especially in an auditor & consultant relationship) and consider the needs and expectations of all interested parties, including certified clients, consultants, and auditors. If you are interested in our services, we would love to hear from you today!! – Adaptive Certifications | Management System Certification | Australia
ISO Downloadable Guides & Minimum Requirements (adaptivecert.com.au)