Integrity: According to this principle, auditors and people who manage an audit program should carry out their work ethically, honestly and responsibly. In addition, they must undertake audit activities “only if they are competent to do so” and carry out their work impartially.
Impartiality: It establishes the obligation to report truthfully and accurately. In this way, the findings, conclusions and reports of the audit “should accurately and truthfully reflect the audit activities”, as ISO 19011:2018 itself points out. This principle tries to guarantee correct communication between the auditor and the auditee throughout the entire process of the audit. audit.
Due professional care: The purpose of this principle is for auditors to proceed with due care, in accordance with the importance of the task at hand and the trust placed in them by the audit client and other interested parties. For this, one of the keys is to have the necessary competencies to “make reasoned judgments in all audit situations”.
Under ISO 19011:2018, auditors should exercise discretion in the use and protection of information acquired in the course of their duties. In this way, the information collected in the audit should not be used to harm the interests of the auditee or used against any company worker.
Independence: In addition to being impartial, auditors “should be independent of the activity being audited whenever possible, and in all cases should act in a manner free of bias and conflict of interest.”, As stated in the text of the regulation. In the case of internal audits, the auditor “auditors should be independent of the function being audited, if possible”, and remain objective at all times.
Evidence-based approach: Refers to the fact that the results and conclusions of the audit must be verifiable. In general, they should be based on samples of the available information, since an audit is carried out over a limited period of time and with finite resources.
Risk based approach: It is one of the innovations that ISO 19011:2018 includes in its 2018 version. In this way, the risk-based approach should substantially influence planning, conducting and reporting of the audit “to ensure that audits they focus on issues that are important to the audit client and to achieving the objectives of the audit program. ”