The latest revision of the ISO 19011 standard on Guidelines for Auditing Management Systems stripped out language that required auditors to comply with applicable laws of their auditee clients.
Clause 4 of the standard, entitled “Principles of Auditing,” previously listed five bullet points related to how auditors shall display “integrity.” One of those was a requirement that auditors “observe and comply with any applicable legal requirements.” In the ISO 19011:2018 version, however, this requirement was removed, leaving only four list items. The other requirements were left intact, with one being slightly reworded.
Some users have argued the requirement was moot, since documenting a need to comply with laws is redundant with the applicable laws themselves. However, the requirement had existed since the 2002 version of the standard, and has slowly been eroded with the last two revisions. This could be misinterpreted by some as suggesting laws don’t apply to auditors. It also no longer requires auditors to familiarize themselves with applicable laws before performing work for a client. For auditors who travel frequently, and who may not be familiar with laws in countries or states other than their own, this increases the risk that auditors will then violate such laws.
Overtly illegal and potentially illegal activity by ISO 9001 and other management system registrar auditors is a growing concern. Multiple reports of illegal activity performed by the auditors themselves routinely go unpunished, including where auditors engaged in intellectual property theft, violations of confidentiality agreements, illegally exchanging trade secrets, financial fraud, defamation and libel, sexual harassment and more.
The Chair of ISO/PC 302, which authored the revised standard, was Denise Robitaille. Ms. Robitaille did not respond to a request to clarify the reason the requirements were stripped; similar requests were ignored by Lance Coleman, Alister Dalrymple and other known representatives of PC 302.