Requirements for Certification as an. IRCA Auditor (All Schemes)

Transcription

1 Requirements for Certification as an IRCA Auditor (All Schemes)

2 Requirements for Certification as an IRCA Auditor (All Schemes) Contents Note: This contents is hot-linked. Click on a section to be taken to that page. 1. Introduction to IRCA Auditor Certification p Certification Grades and Summary of Grade Applicabilities p Instructions for Initial Certification, Maintenance of Certification, Renewal of Certification and Changing Your Certification Grade (Regrade) p How to: Make an initial application p How to: Maintain your certification p How to: Renew your certification p How to: Regrade p IRCA s evaluation process: What we do p Essential Guidance for Application p General p Guidance on educational requirements p What audits do we accept for certification? p What training course certificates does IRCA accept? P Guidance on continuing professional development (CPD) p Guidance on work experience p Guidance on applying for transfer to Principal Auditor p Auditor Certification Criteria p Internal Auditor and Provisional Internal Auditor p Auditor and Provisional Auditor p Lead Auditor p Principal Auditor p Renewal of Certification Criteria and Requirements p Terms and Conditions p Appeals and complaints p Enforcement of certification p Confidentiality p Legal status p Fees p IRCA

3 Appendix I p Scheme-specific requirements and guidance are given for the following: Appendix II Part 1 - Quality Management System Auditor Scheme p. 26 Part 2 - Environmental Management System Auditor Scheme p. 27 Part 3 - Occupational Health and Safety Management System Auditor Scheme p. 28 Part 4 - Information Security Management System Auditor Scheme p Part 5 - Information Technology Service Management System Auditor Scheme p. 31 Part 6 - Business Continuity Management System Auditor Scheme p Part 7 - Energy Management System Auditor Scheme p Part 8 - Pharmaceutical Management System Auditor Scheme p Part 9 - Aerospace Quality Management System Auditor Scheme p Part 10 - TickIT Auditor Scheme p. 41 Part 11 - Food Safety Management System Auditor Scheme p Part 12 - Social Systems Auditor Scheme p Part 13 - EICC-GeSI Auditor Scheme p Part 14 - Maritime Auditor Scheme p Part 15 - SSiP Assessor Scheme p Definitions p. 59 Appendix III IRCA Code of Conduct p. 60 Copyright IRCA 2012 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without prior permission of the International Register of Certificated Auditors (IRCA). 2

4 1. Introduction to IRCA Auditor Certification Commitment to professionalism IRCA auditor certification demonstrates your commitment to the profession through: a) Your demonstration of required knowledge and skills, gained through work experience, training and audit experience, to: Plan and organise an audit of a management system (MS) Identify, understand and audit relevant business processes Sample and evaluate audit evidence, and determine the effectiveness of a management system Report audit findings and conclusions accurately Communicate clearly, both orally and in writing, with personnel at all levels of an organisation Plan, organise and lead the audit team, and manage the audit process. b) Your adherence to principles of proper ethical conduct, fair presentation and due professional care, as articulated in the IRCA Code of Conduct c) Your commitment to continuing professional development (CPD) d) Your commitment to provide value to: The users and stakeholders who rely on management systems audits to establish if the organisation s management system can consistently meet customer and applicable regulatory requirements The auditee by providing management with information regarding the organisation s ability to meet its management system-related business objectives; identifying problems that may prevent the client from meeting its management system-related business objectives; and identifying meaningful opportunities for improvement, as well as those areas of risk that are not yet identified or managed. When you achieve IRCA auditor certification, you join over 14,000 management systems auditors in over 120 countries who share your professionalism and commitment, and benefit from: A globally recognised qualification, valued and often required by employers and clients Entry on to our publically available online register of auditors, which is used by employers globally Your individual certification card, to demonstrate your certification to clients and employers Your auditor certification logo, for you to use on your stationery and documents The IRCA system of continuing professional development, to support your career progression through always being able to demonstrate a currency of skills and knowledge. 3

5 The IRCA schemes To be efficient and competitive, business and industry needs competent auditors. The purpose of our management systems auditor certification schemes is to provide confidence through accredited certification, and to show business and industry that auditors certificated to these schemes are competent. As part of the certification process, we will evaluate you against requirements that reflect the key skills, knowledge and experience that define competence and which you, the management system (MS) auditor, need to possess and to demonstrate during an audit. Each scheme is based on a key standard, such as: ISO 9001: Quality management systems Requirements (latest issue) ISO 14001: Environmental management systems Requirements (latest issue), etc And each scheme is influenced by the following auditing standards: ISO 19011: Guidelines for auditing management systems (latest issue) ISO 17021: Conformity assessment Requirements for bodies providing audit and certification of management systems (latest issue). Our award of certification means we have recognised that you understand and are competent (depending on the grade awarded) to: Uphold the principles of proper ethical conduct, fair presentation and due professional care Communicate clearly, both orally and in writing, with personnel at all levels of an organisation Plan and organise an audit of a management system Identify, understand and audit relevant business processes Sample and evaluate audit evidence, and determine the effectiveness of a management system Report audit findings and conclusions accurately Plan, organise and lead the audit team, and manage the audit process. The scope of certification is general. You may select from a list of up to six standard industry sectors in which you have acquired work experience. These details, although included within the register, are self-declarations and outside the scope of certification. The details of all certificated auditors are included within a register that is publicly available. The schemes are intended for: Auditors, eg those for whom auditing is a significant part of their role, including supply chain auditors, those employed by certification bodies/registrars, and those conducting audits within their own organsations Practitioners, eg consultants, audit programme managers, and others involved in auditing through the development and maintenance of management systems, auditor training and standards development. 4

6 2. Certification Grades and Summary of Grade Applicabilities Most auditor schemes have four main grades of certification and two provisional grades. However, some schemes have different/limited grades, or different terms (eg Assessor). Please refer to the respective appendix for further guidance on any scheme. Grade Applicability Guidance notes Internal Auditor Provisional Internal Auditor Auditor Provisional Auditor Lead Auditor Principal Auditor You should consider this grade if you conduct internal partial system audits of your organisation s management system, or a supplier s management system. It is likely that you will not be a fulltime auditor, and you may only audit a few times each year. Whilst the internal auditor grade requires the applicant to have conducted audits, the provisional grade does not. It is therefore appropriate for professionals who have attended an internal auditor training course, but that do not or have not had the opportunity to conduct audits, yet wish to receive formal recognition of their ability. The auditor grade is appropriate for those that conduct full system audits as part of their role, but do not lead teams. They may be conducting internal full system audits, second-party full system audits, or conducting third-party audits for certification purposes. Whilst the auditor grade requires the applicant to have conducted audits, the provisional grade does not. It is therefore appropriate for professionals who have attended an auditor training course, but that do not or have not yet had the opportunity to conduct audits. Most auditors working for certification bodies are lead auditors, as are auditors who perform supplier audits for large organisations. This grade is reserved for competent auditors experienced at managing audits and at leading teams. This grade is intended to recognise the considerable experience and competence of: Management system consultants who design, implement, evaluate and maintain management systems and conduct consultancy audits on behalf of their clients. Sole auditors (previously IRCA-certificated to lead audit teams) who now undertake audits on their own (ie as a team of one, performing all aspects of an audit without assistance) Audit managers and audit professionals (previously IRCAcertificated to lead audit teams) whose career has taken them away from direct involvement in conducting audits, but who can demonstrate ongoing currency of applicable discipline knowledge, and audit knowledge and skills through other management system and audit-related activities. For example: o Audit programme managers (first-party in large and complex organisations, and those with overall responsibility for second-party supplier audits) o Those involved in audit and management system o o standards development Certification body managers, (third-party audits) including persons carrying out technical reviews and authorising certification decisions Those carrying out original design and development of auditor training, and delivery of IRCA-certified auditor training. Partial system audits are audits that do not cover the entire management system in a single audit. They are commonly departmental, or focused on a particular process, procedure or requirement. It is important to note that the training course certificate is valid for initial application for a period of three years, after which it will no longer be accepted for auditor certification in an initial application. Internal full system audits are accepted. See 4.3 f (p.10). Training course certificates are valid for a period of three years, after which they will typically no longer be accepted for auditor certification in initial application (see 4.3b). However, once registered at the provisional auditor grade and as long as the CPD requirements are met, you will be eligible to apply to upgrade to Auditor and Lead Auditor status, should you start to conduct audits and lead audit teams at any point in the future. Internal full system audits are accepted. See 4.3 f (p.10). Internal full system audits are accepted. See 4.3 f (p.10). 5

7 3. Instructions for Initial Certification, Maintenance of Certification, Renewal of Certification and Changing Your Certification Grade (Regrade) 3.1 How to: Make an initial application Step 1 Select the grade you want to apply for by reviewing Section 2 of this document (p. 5), and checking that you meet the requirements outlined in Section 5 (p. 15) and the relevant scheme appendix (p.26-58), in terms of: Relevant work experience Required education/qualifications Required auditor training Required audit experience (except for provisional grades). Step 2 Complete the IRCA auditor certification application form (available at Indicate which discipline(s) and grades you are applying for, and attach evidence as required. We accept applications and supporting documentation in the following languages: English Japanese Spanish. For all other languages, the application must be accompanied by a certified translation (into English) of the original text. This is particularly important for educational qualifications, training courses and work experience. Step 3 Submit your completed application form and fee: Current auditor certification application fees are available at the IRCA website ( You may submit your form electronically by , or by post to: Address: registration@irca.org IRCA, Chancery Exchange, 10 Furnival Street, London, EC4A 1AB, UK See the What we do box later in this section to learn how we manage your application. Do not send the annual certification fee. If your application is successful, we will write and ask you to pay the annual certification fee. Step 4: Pay your first annual certification fee. After we have evaluated your application, we will communicate the grade of certification we can offer you or indicate what extra evidence is required to achieve auditor certification. If you wish 6

8 to accept our offer of certification, pay your first annual fee and you will receive your first IRCA auditor certification card, and be placed on the IRCA online register of auditors. Once your application is successful, we award certification for a period of three years beginning from the month we award certification. This three-year period is referred to as the certification period. During the certification period, at the end of the first and second years you may maintain certification by payment of the annual certification fee, and by compliance with the Code of Conduct. We don t, however, require you to submit any other documentation at the end of year one and year two. At the end of the third year, all certificated auditors are required to complete the triannual renewal of certification process. 3.2 How to: Maintain your certification Your entry onto the IRCA online register of certificated auditors is dependent on you paying your annual certification fee every 12 months (starting from your initial certification date) and by compliance with the IRCA Code of Conduct. 3.3 How to: Renew your certification We don t require you to submit any other documentation at the end of year one and year two. At the end of the third year, all certificated auditors are required to complete the renewal of certification process by providing evidence of continuing professional development, audit experience (depending on grade) and declarations of ongoing compliance with the IRCA Code of Conduct, including any complaints against you. If you are successful at renewal, we will award you certification for a further three-year certification period, and so on. Please refer to Section 6 (p.21) for the grade-specific renewal criteria. We will write to you two months prior to your certification expiring to remind you that your renewal is due. 3.4 How to: Regrade You can apply to be regraded at any time. When we offer you initial certification, we will indicate the audit experience and Competencies you need to attain the next grade(s) of certification. To apply for regrade, you should complete IRCA/106 log sheets, enclose any additional information requested, and send it to us with the regrade fee. Please visit for costs. A successful application for regrade will not normally result in a change to your renewal of certification date. There is no regrade fee if you are regraded as part of the (three-year) renewal of certification process. Please contact us if you need any further advice on how to regrade. 7

9 3.5 IRCA s evaluation process: What we do We usually take about four weeks to process each application, but that time may vary depending on the time required to verify the information submitted with the application. Giving us all the information we need will speed up the application process, which has four stages: 1) Administrative check All applications are checked first by our certification staff to make sure you have included all of the information that we need. 2) Technical evaluation This phase is performed by IRCA's technical experts; the reviewing officers. The reviewing officers evaluate the information submitted against the certification requirements, then they will perform a verification of some or all of this information. At the conclusion of the technical evaluation, the reviewing officers will make a recommendation on certification to the certification manager. We consider verification to be an essential element supporting the overall credibility of the certification process. Consequently, great care is taken by the reviewing officers in reviewing and verifying applications against all aspects of the certification requirements. We will perform the evaluation as speedily as we can, but sometimes it is not possible to be as quick as we (or you) would like. Processing your application is likely to take longer if you have unusual educational qualifications, if your current (or former) employers are slow to provide verification information, or if the auditee organisations are not helpful. Typically, certification decisions will be made based on the documented information provided by the applicant. However, IRCA will, at its own discretion, invite a number of applicants for interview to verify the information provided, and evaluate the understanding of the auditor. 3) Certification The final decision on your certification is made by the certification manager. The certification decision is performed independently of the technical evaluation process detailed above. 4) Offer and award of certification The certification manager will write to you formally with an offer of certification to the appropriate grade. We will send you this offer and ask you to pay your first annual fee. Certification will be awarded when we receive your payment of the annual fee. Your details are then added to our online register of certificated auditors, and we will send you your certification card. Although the card is issued to you, it remains our property and you must return it to us should we ask you to. The IRCA certificate is intended for display as a formal recognition of your certification to a specific grade you should not use it as proof of certification. Please contact us if you wish to purchase a certificate. 8

10 4. Essential Guidance For Application 4.1 General a) Certification is available, without restriction, to all individuals worldwide who satisfy the certification requirements b) You must meet the requirements within Section 5 (Auditor Certification Criteria) and any additional requirements contained within the respective scheme-specific requirements (see Appendix I). 4.2 Guidance on educational requirements a) All qualifications submitted must be supported by documentary evidence. An example of acceptable evidence would be a good-quality photocopy of the original certificate indicating the awarding body, the title and date of the award, and the name of the person to whom the award was made. If any of this information is not available or not clear, we may ask you to supply us with more evidence. The same applies if a copy of a certificate is not available, such as when it has been lost or destroyed for example. Acceptable evidence would include an official letter from the awarding body confirming the award. A transcript of an award (ie an official, detailed account of the course content) would also be acceptable evidence if it clearly states the date and title of the award. If no documentary evidence can be supplied by the awarding body, it is unlikely we would accept your qualification. IRCA reserves the right to verify this information with the relevant organisation and/or individual(s) b) Where our criteria states degree or near degree, all postgraduate diplomas, undergraduate and postgraduate degrees awarded in a relevant subject will normally be accepted c) We use the UK definition of a degree as the degree benchmark. But we recognise that not all degrees awarded in the UK and in other countries meet this standard. Many fall just short, either in content or in duration, and we call these near degrees. For the purposes of auditor certification, we recognise a near degree as meeting the tertiary education requirement. 4.3 What audits do we accept for certification? a) We will only accept audits performed during the previous three-year period. We define previous period as being that period immediately prior to the date that we received your completed application b) Audits can only be accepted once the respective training course has been successfully completed. (For example, lead audits conducted before a Lead Auditor course has been successfully completed will not be counted) c) We will only accept audits that have been performed in accordance with the auditing guidance standard ISO or ISO 17021, and against the relevant ISO standard for the scheme you are applying for (or an alternative standard we accept as being equivalent). Audits performed against alternative national, international or company standards may be acceptable. d) We must be able to verify all audit experience you submit in your log sheets. Please make 9

11 sure you include detailed information of the audits you perform, and provide sufficient contact details so that we are able to perform a verification e) If you are already certificated as an Auditor, Lead Auditor or Principal Auditor on one of our other schemes, we will accept other full management system audits such as ISO9001, ISO 22000, OH&S 18001, ISO 27001, ISO 20000, ISO 14001, or acceptable alternatives including combined/integrated audits, where these do not exceed 25% of the total audit experience required. However, these are only accepted for initial certification and at regrade, not at renewal of certification f) Acceptability of internal audits: We will consider accepting internal audits for Auditor, Lead Auditor and Principal grades, providing you can demonstrate that the audit was of the full management system covering all clauses and requirements of the applicable management system standard, and that it was of a part of the organisation from which you are entirely independent (eg separate business unit or sister company). We require you to show on your audit log how many employees the company has, and provide any other information that you feel is supportive and relevant, such as written description of the type of audit, charts, reports, etc g) Acceptability of consultancy audits: We will accept audits performed by you when acting as a consultant for a client if all of the following are satisfied: The client (auditee) already had a fully established management system prior to the audit You had no part in setting up the management system being audited (except in such specific circumstances as described below) You were independent of the auditee The scope of the audit included all elements of the management system. We will also accept pre-assessment audits performed by you on a management system that you were involved in developing, if the certification body subsequently awarded certification at the first attempt h) Acceptability of combined/integrated audits: Where two or more standards are being audited during a combined/integrated management system audit, we will only accept (for initial certification and regrade) the audit days allocated to the relevant scheme you are applying for. For recertification, the full audit duration will be accepted i) Acceptability of surveillance (partial system) audits: We do not normally accept surveillance (partial system) audits when submitted for initial certification or at regrade (except for Internal Auditor). However, we do accept surveillance audits for renewal of certification 10

12 j) Acceptability of on-site and off-site audits: IRCA will only accept on-site audits that have involved a significant amount of interaction with the auditee(s). If the audit is limited to conducting a document review (eg records or data analysis), observation of work performed, completing checklists and sampling (eg products) without interaction with the auditee(s), it is not acceptable. Further, significant onsite preparation time (eg half a day) may not be counted towards the days on site. A maximum of one day s off-site preparation per audit will be accepted k) Acceptability of remote audits: IRCA will accept remote audits as a substitute for the required on-site audit days, where there has been as much interaction between the auditor and the auditee as would occur during an on-site audit. Interaction may be achieved remotely through such means as video conferencing, document and record-sharing systems, etc (remote audit activities are performed at any place other than the location of the auditee, regardless of the distance). If you have conducted extensive remote audits that you feel are suitable, please provide additional information including the scope and nature of the audit, and, if possible, supporting documentation such as audit plans and reports l) Acceptability of audits to standards other than those issued by the ISO: We will accept audits performed against standards that we have evaluated as being equivalent to the relevant ISO standard. We maintain a list of acceptable alternative standards for each auditor scheme, but it is possible that you may claim audits against a standard that is not on this list. We have a formal process for evaluating new standards, and you are advised to contact us for advice where you consider an alternative standard may be acceptable to us. m) Audits we do not accept: Audits of the same management system that are repeated more frequently than once every 12 months Audits of less than one day s duration (six hours of audit activity, exclusive of breaks), except for the internal auditor grade, where we will accept audits of three hours exclusive of breaks Gap analysis, close out or follow-up visits Audits performed before successful completion of the formal training requirement Audits performed outside the accepted three-year period. 4.4 What training course certificates does IRCA accept? a) Ideally, we are looking for you to have a certificate for the successful completion of an IRCAcertified training course. IRCA does accept a very small number of non-irca-certified training courses as being equivalent to its own courses. Please refer to this page on our website: or contact head office for information about accepted alternatives b) You should normally have successfully completed auditor training within the three-year period immediately prior to application for certification. We may accept training completed prior to this period if you provide evidence of recent and relevant continuing professional 11

13 development (CPD), work experience and currency of your auditing skills. We advise you to refer to the IRCA website ( for a current listing of all IRCA-certified training organisations offering IRCA-certified management system auditor training courses c) All training course certificates submitted must be supported by documentary evidence. An example of acceptable evidence would be a good-quality photocopy of the original certificate indicating the awarding body, the title and date of the award, and the name of the person to whom the award was made. If any of this information is not available or is not clear, we may ask you to supply us with more evidence. If no documentary evidence can be supplied by the awarding body, it is unlikely we would accept your training course certificate. IRCA reserves the right to verify this information with the relevant organisation and/or individual(s). d) IRCA does not accept certificates of attendance. Certificates must be of successful completion of a course. 4.5 Guidance on continuing professional development (CPD) CPD is a framework that encourages you to continuously update your professional knowledge, personal skills and Competencies. The purpose of CPD is to make you more effective as an auditor, and to make the auditing profession more credible. The concept of CPD and the value it contributes is now recognised and accepted throughout all professional fields. Any CPD submitted must be in subjects that are broadly related to auditing and the relevant management system. Because there are so many topics that we recognise will enhance your auditing competence, we do not attempt to list them here. But we categorise them into three areas: 1) Management system related 2) Auditing related 3) Technical knowledge related (eg legislation and regulatory updates). CPD weighting We recognise that no single method for learning suits everyone. Therefore, we will accept CPD acquired in ways that range from the very informal (eg reading and self-study) to the formal (eg classroom training). We recognise that some ways of acquiring CPD are more effective than others, so we apply a system of weighting where some activities are accorded more recognition than others. Due to this weighting, one hour of learning may not always equal one recordable CPD hour. The activities are divided into three broad categories: a) Unstructured; where three hours equals one CPD hour Included in this category would be distance and open-learning study that is not assessed and does not lead to a qualification; the reading of professional and technical journals, books and other publications; and relevant aspects of on-the-job training where specific outcomes have been planned and identified. 12

14 Reading IRCA INform, our e-magazine available from or contributing to a relevant online forum such as IRCA s discussion group on LinkedIn, is also accepted. A maximum of four hours of unstructured CPD will be accepted for contribution to discussion forums. Evidence must be documented and verified on IRCA/173 CPD logs b) Semi-structured; where two hours equals one CPD hour Included in this category would be non-interactive lectures, talks etc, informal professional body meetings of a more social nature (networking opportunities), the research, preparation and first delivery of lectures/courses, publishing articles, and forms of open and distance-learning that involve assessment, and that result in the acquisition of a qualification. Note: Repeated training deliveries and lectures/presentations cannot be counted more than once. c) Structured; where one hour equals one CPD hour Examples of this category would be interactive and highly participative training courses and seminars, professional body meetings with formal lectures, and active participation in the development of standards. The range of activities that may be included within each category is extensive, and the small number of examples above is intended to provide broad guidance only. Most auditors submit evidence of activities that includes all three categories, but it is not a requirement that you do so. The only restriction we have is that unstructured CPD cannot constitute more than one-third (ie 15 hours) of the total amount of acceptable CPD hours. It remains your responsibility to provide a case for acceptance of any activity you submit, and this must be supported by sufficient and appropriate evidence. This will involve you making and retaining records of your activities, and having these properly verified where possible. We have developed a CPD and training log sheet (IRCA/173) for this purpose. It is in your interest to provide us with information in a clear, logical and easily understandable format. The speed with which we are able to evaluate and renew your certification will depend on this. 4.6 Guidance on work experience a) Please refer to the scheme-specific appendix document and the guidance section of the application form for information about what will be accepted as experience relevant to the auditor scheme you are applying for b) Short periods of training cannot be included in this work-experience requirement, however apprenticeships and the like may be considered as acceptable work experience. Please provide additional information if you wish any training to be considered torwards your work experience. 13

15 4.7 Guidance on applying for transfer to Principal Auditor Application for transfer from Lead Auditor to Principal Auditor is normally made at the time of renewal of certification. Application for transfer may be made: Proactively when you know your role is going to change. In this case, you may request transfer to Principal Auditor provided you meet the requirements for prior Lead Auditor certification, and also meet the requirements for renewal of your Lead Auditor certification at the time of transfer. Retrospectively after your role has changed and at the next renewal of certification. In this case, you will need to meet the requirements for prior Lead Auditor certification, and also provide evidence of meeting the requirements for Principal Auditor in the three years following your last renewal of Lead Auditor certification. Note: Where your role changes part-way through the three-year certification period, it is likely that you will want to submit evidence that comprises a combination of audits completed, and also evidence of your involvement in other audit and audit-related activities. In these circumstances, use the requirements above as a guide to the evidence you should provide, and the IRCA will evaluate each application on a case-by-case basis. 14

16 5. Auditor Certification Criteria Below are the generic IRCA criteria for becoming an auditor. You must refer to and meet the additional scheme-specific requirements within the relevant part of Appendix 1 also. 5.1 Internal Auditor (see the bottom of the page for Provisional Internal Auditor) Education At least to secondary education level. Work experience Four years full-time experience, or two years with a degree or near degree One year s full-time experience relevant to the auditor scheme. Auditor training A relevant IRCA-certified Foundation course and A relevant IRCA-certified Internal Auditor training course or the relevant IRCA-certified Auditor/Lead Auditor training course. (Refer to 4.4 for guidance on what training IRCA accepts.) Note: IRCA will consider, on a case-by-case basis, auditors applying for an internal auditor grade that have successfully completed an Internal Auditor course, but not the respective Foundation course. The decision will be based on the information provided in the work experience and sector understanding parts of the application form. Auditing experience You need to have performed at least five internal audits, each of which must have been of at least three hours duration, have included all elements of the audit cycle audit planning, document review, auditing, interviewing and audit reporting and must not have involved areas or activities in which you yourself perform. However, we will accept audits of activities for which you are directly or indirectly responsible, eg as a line manager. (Refer to 4.3 for guidance on what audits are accepted.) Provisional Internal Auditor No audits are required. All other requirements are the same as those for an Internal Auditor. 15

17 5.2 Auditor (See the bottom of the page for Provisional Auditor) Education At least to secondary education level. Note: If you have a degree or near degree level qualification, we will reduce the requirement for work experience. Acceptable qualifications include those awarded by an institution recognised by a national governmental body or accredited by a national professional body. Work experience Four years full-time experience, or three years with a degree or near degree Two years full-time experience relevant to the auditor scheme you are applying for. Please refer to the scheme-specific appendix document for information about what will be accepted as experience relevant to the auditor scheme you are applying for. Auditor training A relevant IRCA-certified Auditor/Lead Auditor training course. Or the relevant IRCA-certified Auditor/Lead Auditor Conversion training course only acceptable if you have previously completed a five-day Auditor/Lead Auditor training course in another discipline. (Refer to 4.4 for guidance on what training IRCA accepts.) Auditing experience You need to have performed at least four full management system audits covering all clauses (requirements) of the applicable management system standard. Auditing activity must include document review, preparation and performance of on-site audit activities, and audit reporting. The total duration of these audits must not be less than 20 days, 15 of which must have been acquired on site. (Refer to 4.3 for guidance on what audits are accepted.) Note: Although we recommend you should complete all of the audits under the direction and guidance of an auditor competent as a team leader (one currently certificated as a lead auditor or who has equivalent competence), we acknowledge that for many auditors this will be very difficult and costly to arrange. Consequently, we will accept a minimum of one audit under these conditions. We may require this team leader to attest to your competence to audit as a team member. Provisional Auditor No audits are required. All other requirements are the same as those for an Auditor. 16

18 5.3 Lead Auditor Education At least to secondary education level. Note: If you have a degree or near degree level qualification, we will reduce the requirement for work experience. Acceptable qualifications include those awarded by an institution recognised by a national governmental body or accredited by a national professional body. Work experience Four years full-time experience, or three years with a degree or near degree Two years full-time experience relevant to the auditor scheme you are applying for. Please refer to the scheme-specific appendix document for information about what will be accepted as experience relevant to the auditor scheme you are applying for. Auditor training A relevant IRCA-certified Auditor/Lead Auditor training course. Or the relevant IRCA-certified Auditor/Lead Auditor Conversion training course only acceptable if you have previously completed a five-day Auditor/Lead Auditor training course in another discipline. (Refer to 4.4 for guidance on what training IRCA accepts.) Auditing experience Four full management system audits as an auditor-in-training, totalling 20 days, including a minimum of 15 days on site Three full management system audits as the leader of an audit team that includes at least one other auditor, totalling 15 days, 10 of which must have been spent on site. (Refer to 4.3 for guidance on what audits are accepted.) Note: Although we recommend you should complete all of the audits under the direction and guidance of an auditor competent as a team leader (one currently certificated as a lead auditor or who has equivalent competence), we acknowledge that for many auditors this will be very difficult and costly to arrange. Consequently, we will accept a minimum of one audit under these conditions. We may require this team leader to attest to your competence to lead an audit team. If you are already certificated to the relevant auditor grade, you need only perform the three lead audits as above. 17

19 5.4 Principal Auditor Routes to Principal Auditor There are two routes to becoming an IRCA-certificated Principal Auditor: 1) Direct entry This route is suitable for management system consultants Education A degree or near degree Note: All postgraduate diplomas, undergraduate and postgraduate degrees awarded in a relevant subject will normally be accepted. Work experience Six years work experience, acquired within the previous 10-year period, which related to the development, implementation, maintenance and auditing of the relevant management system(s). The significant majority of this work experience must have been conducted at a senior level within an organisation. You may have acquired this experience either as an employee or as a contractor. Note: Because we are looking for evidence of related Competencies acquired through working within relevant fields, we will only accept auditing experience as contributing up to a maximum of half of this requirement. Periods of training cannot be included in this work experience requirement. Auditor training A relevant IRCA-certified Auditor/Lead Auditor course or accepted alternative or The relevant IRCA-certified Auditor/Lead Auditor Conversion training course only acceptable if you have previously completed a five-day Auditor/Lead Auditor training course in another discipline. (Refer to 4.4 for guidance on what training IRCA accepts.) Auditing experience Seven sole or lead full system audits totalling 35 days, of which a minimum of 25 days must have been on site. (Refer to 4.3 for guidance on what audits are accepted.) Note: You must have performed all the audits after successful completion of auditor training and within the three-year period prior to application to the IRCA. 18

20 2) Auditor development This route is suitable for IRCA-certificated Lead Auditors who wish to transfer to Principal Auditor because the nature of their audit activities has changed. There are two options associated with the development route, and both options require prior certification to the grade of Lead Auditor. Option 1 Sole auditors This option is for auditors that have been certificated by IRCA to lead audit teams who now undertake sole audits (ie as a team of one), performing all aspects of an audit without assistance. Requirements: Prior Lead Auditor certification Six years certification to Lead Auditor grade by IRCA (or acceptable alternative) prior to transfer. Note: Exceptionally, we will consider accepting less than five years as an IRCA-certificated lead auditor, if you are able to demonstrate a very considerable and comprehensive experience in leading teams over a shorter period. Sole audits in the three-year period prior to transfer Five sole or lead audits, two of which shall be full system audits. The remaining three audits may be surveillance or partial system audits Audit experience within the three-year certification period prior to transfer shall be not less than nine audit days CPD totalling 45 hours (in the three-year certification period prior to transfer). Option 2 - Audit managers and audit professionals This option is for auditors previously certificated by IRCA (or acceptable alternative) to lead audit teams, who are able to maintain the currency of their audit knowledge and skills through audit and audit-related activities, but who no longer conduct audits eg audit managers, certification managers, audit training and development personnel, including management system auditor training course designers, and persons involved in the development of relevant audit and management system standards (such as ISO 19011). Requirements: Prior Lead Auditor certification Six years certification to Lead Auditor grade by IRCA (or acceptable alternative) prior to transfer. Note: Exceptionally, we will consider accepting less than six years as an IRCA-certificated Lead Auditor if you are able to demonstrate a considerable and comprehensive experience in leading teams over a shorter period. 19

21 Other requirements Submission of verifiable evidence of having carried out management system audit and auditor-related activities at a senior level, totalling not less than 15 days, over the threeyear period. These activities shall be relevant to the planning, conduct, management, review and effectiveness of management system audits; development of auditor competency, including management system auditor training course design; and development of recognised standards for conducting management system audits. CPD totalling 45 hours (in the three-year certification period prior to transfer). 20

22 6. Renewal of Certification Criteria and Requirements You must renew your certification every three years, ie at the end of the third complete year. We will write to you two months before your certification period expires and ask you to send us your audit and CPD logs, and other documents. We will evaluate these against the renewal requirements listed below and make a certification decision. We will then write to you with the results. All criteria must be met for each individual scheme for which you hold certification. The renewal of certification process involves the following six requirements: 1) Continuing professional development (CPD) 2) Audit experience 3) Additional requirements 4) Declaration of complaints 5) Compliance with the IRCA Code of Conduct 6) Payment of the annual fee. 1) Continuing professional development For Internal Auditor and Provisional Internal Auditor There is no CPD requirement. For Provisional Auditor, Auditor, Lead Auditor and Principal Auditor You must have completed at least 45 hours of appropriate CPD during the threeyear period immediately prior to renewal of certification. Through CPD, you are required to demonstrate your currency of knowledge and skills through updates in subject areas within the three main categories, as stated in 4.5: Management system related Auditing related Technical knowledge related (eg legislation and regulatory updates). It is important that you demonstrate that you are up-to-date with any regulatory and legislative changes that are relevant to auditing within the respective scheme. We need you to provide us with evidence that you have met this requirement. Should the reviewing officer feel that not enough evidence has been provided, more evidence may be requested. Where evidence is lacking, you may be required to attend interview, or be requested to write a detailed account of the subject in question in order to satisfy IRCA of your currency of such knowledge and skills. 2) Audit experience We will need you to record and submit your audit experience on the audit log 21

23 sheets (IRCA/106) that we supply. For Internal Auditor: You need to have completed a minimum of five internal audits, the total duration of which must have been at least 15 hours. For Provisional Internal Auditor: There is no audit requirement. For Auditor or Lead Auditor: Five audits, two of which must be full system audits (for Lead Auditor, a minimum of one full system audit shall be while leading a team that includes at least one other person). Three of the five audits may be surveillance or partial system audits. Audit experience within the three-year certification period shall be not less than eight audit days. You must have performed these audits within the previous three-year certification period. For Provisional Auditor: There is no audit requirement. For Principal Auditors audit managers and audit professionals: There is no audit requirement. For Principal Auditors sole auditors and consultants: Five sole or lead audits, two of which shall be full system audits. The remaining three audits may be surveillance or partial system audits. Audit experience within the three-year certification period shall be not less than eight audit days. You must have performed all the audits within the previous three-year certification period. 3) Additional requirements For all grades other than Principal Auditor: There are no additional requirements. 22

24 For Principal Auditor audit managers and audit professionals: Submission of verifiable evidence of carrying out management system audit and auditorrelated activities at a senior level, totalling not less than 15 days over the three-year period. These activities shall be relevant to the planning, conduct, management, review and effectiveness of management system audits; development of auditor competency, including management system auditor training course design; and development of recognised standards for conducting management system audits. For Principal Auditors sole auditors and consultants: There are no additional requirements. 4) Declaration of complaints We need you to tell us about any complaints made against your professional conduct. It is important we know of any complaints, as we need to consider these as part of the renewal of certification process. We will investigate all instances of complaints. If complaints are made against your conduct and you do not declare them, the consequences will be far more serious and may result in suspension or withdrawal of your certification. 5) Compliance with the Code of Conduct We need you to make a declaration that you have always acted in compliance with the Code of Conduct (see Appendix III). 6) Payment of the annual fee And finally, we need you to pay the annual fee (please note, there is no additional fee for renewal). Because the fee will be dependent on the grade we offer you after renewal, we do not ask you to pay this fee until we have completed renewal. We will write to you with the results of the renewal, enclosing the invoice and fee-due date. Failure to pay your annual fee within 28 working days of the date of the invoice will result in your certification being withdrawn, and the removal of your details from the online register. Once we have received your payment, we will write to you again enclosing your new certification card. 23

25 7. Terms and Conditions 7.1 Appeals and complaints You have the right to appeal against any certification decision taken by us. We operate a quality system that includes established procedures for considering appeals and complaints. 7.2 Enforcement of certification We enforce (ie suspend or withdraw) certification for three reasons: 1) If you fail to meet the certification criteria for the grade to which you are certificated. This enforcement occurs when you apply to renew your certification. In most cases, withdrawal will be preceded by an offer of an alternative grade, for a period during which you have the opportunity to meet the requirements of, and be reinstated to, the grade you originally held 2) If you breach the Code of Conduct. We reserve the right to undertake action against your certification if we find you to have acted contrary to the Code of Conduct options available include suspending or, in instances of serious or sustained breach, withdrawing your certification 3) If you fail to pay the requisite fees. 7.3 Confidentiality We undertake to consider as strictly confidential all information, correspondence and documentation you submit to us in support of your certification activities. We reserve the right to publish relevant details of each certificated auditor in our register, available online at We reserve the right to disclose details of your certification record to other auditorcertification and accreditation bodies. We will do so with discretion and only in instances where we consider withholding this information will compromise the integrity of certification, eg where we have taken action against (ie suspended or withdrawn) your certification, and you have applied to another auditor-certification body without fully disclosing your record while certificated by us. 7.4 Legal status The certification of auditors by us and all activities associated with the administration of the register is governed in accordance with English law, and is subject to the exclusive jurisdiction of the English courts. 7.5 Fees Fees are set annually and apply to the calendar year (1 January-31 December). Contact us direct or see for details of current fees applicable for your country. Application fee: We need you to pay this fee when you send in your application. Alternatively, we will invoice you on receipt of your application. This fee covers the costs of the application process and is not refunded if the application is unsuccessful. Failure to pay this fee will cause a delay in the processing of your application 24