I've spent seven years conducting third-party audits for certification bodies. I've also watched colleagues who had no business auditing a lemonade stand get assigned to complex certification audits. The auditor competence problem in ISO certification is real, and businesses are paying the price.. literally and figuratively.
On this page
When I posted about this issue on LinkedIn recently, the response was overwhelming. Industry professionals from around the world came forward with their experiences. One comment particularly stood out: "I observed over 50 days of audits in 2025, only 5 days where the auditor actually audited rather than just note document references."
That's not an isolated incident. It's a pattern.
The most common complaint I hear is ISO auditor's incompetence. Not occasional missteps.. systemic lack of qualification to audit the organisations they're assessing.
And the worst part? Most businesses don't know they can do anything about it. They think they're stuck with whoever shows up from the certification body.
You're not.
The Real Complaints Businesses Are Making
Let me be specific about what "bad auditor" actually means, because this isn't about personality conflicts or someone having a bad day.
Auditors with zero industry knowledge conducting specialised audits. I'm talking about someone who's spent their career in food manufacturing suddenly auditing an automotive engineering firm.
They don't understand the processes, can't interpret the documentation properly, and miss critical issues because they simply lack context. The audit becomes a tick-box exercise that provides zero value to your business.
Superficial audits that lack any depth. Another LinkedIn comment noted that accreditation bodies now require so much documentation that auditors spend more time writing than actually auditing.
The result? You get an auditor racing through your facility, grabbing document references, and disappearing. No meaningful assessment of whether your management system actually works. No valuable recommendations. Just a rubber stamp.
Complete inability to answer basic questions about standard interpretation. I've heard stories of auditors who can't explain why they're raising a finding, can't reference the specific clause they're auditing against, or give contradictory guidance during different parts of the audit.
If an ISO certification auditor can't clearly articulate what requirement you've failed to meet, that's not your problem—it's theirs.
Wildly inconsistent findings between different auditors. This one causes serious frustration. Year one: the auditor raises a major non-conformance. You fix it. Year two: different auditor looks at the exact same thing, says it's fine, but raises a major NC on something the previous auditor approved.
Such inconsistency destroys your confidence in the entire ISO certification process and makes it impossible to know what "conformance" actually looks like.
Poor communication skills making audits unnecessarily stressful. Some auditors treat audits like criminal investigations rather than assessment processes. They're aggressive, condescending, or completely unable to explain their findings in plain language.
One commenter mentioned knowing auditors with "outstanding CVs who know nothing" and I can tell you the communication gap is often the giveaway.
The certification audit isn't supposed to be adversarial. According to ISO 19011:2018, audits should be conducted with integrity, fair presentation, and due professional care.
When an ISO certification auditor fails at basic communication or professional behaviour, they're violating the fundamental principles of auditing.
Get 3 ISO Quotes. 24 Hours Response
Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.
Trusted by 400+ businesses like yours
Why This Happens (And It's Getting Worse)
The root cause is straightforward: certification bodies are facing an auditor shortage crisis, and they're making bad compromises to fill the gap.
One industry professional commented that the problem runs deeper.. there's a "race to the bottom on cost, fear of lost business from large customers, and accreditation bodies who are asleep at the wheel."
That's exactly right.
Here's the economic reality. Certification bodies are under constant pricing pressure. Businesses shop around for the cheapest certification, which means CBs are cutting costs wherever they can.
Auditor fees are one of the biggest expenses. Solution? Hire less experienced auditors at lower rates and rush their training.
I've seen auditors get assigned to standards they were "trained" on literally weeks earlier. They took a five-day lead auditor course, shadowed one or two audits, and suddenly they're your certification auditor.
The certification body's competency evaluation process... which ISO 17021-1 requires them to have.. becomes a paperwork exercise rather than genuine assessment.
Another commenter noted that pay is a significant issue: "The salary is a big pay cut for many people. Less competent people get the job and don't have the experience." When you're paying below-market rates, you're not getting the calibre of auditor you need.
Then there's the repeat business problem. Certification bodies want to keep clients. One auditor mentioned being rejected after interviews because he challenged the certification body about their reputation in the industry. CBs that prioritise keeping clients happy over conducting rigorous audits create a race to mediocrity.
The accreditation bodies such as JASANZ in Australia and New Zealand, UKAS in the UK, ANAB in the US are supposed to oversee certification bodies and ensure auditor competence.
But as one commenter observed, "accreditation bodies can't control certification bodies entirely. In some ways they are heavily influenced by CBs."
There's a power dynamic where the largest certification bodies have significant leverage, making it difficult for accreditation bodies to enforce standards rigorously.
What You Can Actually Do About It
Right, enough complaining. Here's your escalation pathway, from polite requests to nuclear options.
Request auditor CVs before the audit
You are absolutely allowed to do this. When your certification body confirms the audit date and auditor assignment, email back requesting the auditor's CV and relevant competency records.
You want to see industry experience, standard-specific qualifications, and evidence they're competent to audit your sector.
Some certification bodies will push back. Ignore that. ISO 17021-1 requires them to demonstrate auditor competence.
You're not being difficult, you're exercising due diligence.
Request a different auditor if qualifications don't match. If the CV shows someone who's never worked in your industry or doesn't have relevant sector experience, request a replacement.
Be specific: "We're an engineering firm manufacturing medical device components. The assigned auditor's background is entirely in food safety. We request an auditor with relevant manufacturing and engineering experience."
Don't be apologetic about this. You're paying significant money for ISO certification; demand an auditor who can actually assess your operations properly.
Challenge findings during the audit itself. If an auditor raises a finding you believe is incorrect, challenge it immediately. Don't wait for the closing meeting. Ask them to reference the specific clause requirement they're auditing against. Ask them to explain their reasoning. Take notes.
Good auditors welcome this discussion.. it's part of the evidence-gathering process. Bad auditors get defensive.
If an auditor can't clearly articulate why something is a non-conformance with reference to the standard, that's a red flag.
Use the formal appeals process
Every certification body is required under ISO 17021-1 to have an appeals process. This is documented in their certification procedures. If you receive a non-conformance you believe is invalid, file a formal appeal.
The Oxebridge Quality Resources website provides detailed guidance on how to appeal invalid audit findings, including what constitutes an invalid non-conformance (lack of objective evidence, no reference to specific clause requirement, etc.). Don't let dodgy findings stand just because you signed the closing meeting report—the signature doesn't mean you've accepted the findings, just that you've acknowledged them.
Complain formally to the certification body
This is separate from appeals. If the issue is auditor behaviour, competence, or professionalism rather than specific findings, lodge a formal complaint. Certification bodies are required to have complaint procedures per ISO 17021-1 clause 9.8.
Document everything: what happened, when, who was involved, specific examples. Reference the auditing principles from ISO 19011:2018 that were violated (integrity, fair presentation, due professional care, independence). The more specific you are, the harder it is for the CB to dismiss.
Report to the accreditation body for serious issues
If the certification body doesn't resolve your complaint satisfactorily, escalate to the accreditation body. In Australia and New Zealand, that's JASANZ. In the UK, it's UKAS. In the US, it's ANAB.
Serious issues worth reporting include: evidence of unethical practices (asking for bribes, conflicts of interest), certifications issued without proper audit, auditors grossly incompetent for the sector they're auditing, systematic problems with auditor quality across multiple audits.
The accreditation body has the power to suspend or withdraw a certification body's accreditation if they're not maintaining standards. They don't want to hear about minor gripes, but if there's evidence of systematic failure, they need to know.
Switch certification bodies entirely
If auditor quality doesn't improve after raising concerns, change CBs at your next recertification. You are not locked into one certification body. Your ISO certificate needs to be reissued every three years—use that opportunity to move to a CB with better auditor quality.
When shopping for a new CB, ask specific questions upfront: What's your auditor qualification process? How do you ensure industry-specific competence? Can we see auditor credentials before assignment? What's your appeals and complaints record?
One commenter suggested developing internal auditors "who can stand shoulder to shoulder with or above any 3rd party auditor, so we truly understand our own position on compliance." That's excellent advice.
Strong internal auditing capability means you're not dependent on the external auditor to tell you what needs fixing.
Protect Yourself From the Start
Prevention is better than dealing with a bad audit after it's happened.
Interview certification bodies properly before signing. Don't just go with the cheapest quote. Ask about their auditor pool for your specific standard and sector. Ask about their auditor competency evaluation process. Request references from similar organisations. If they can't or won't answer these questions clearly, that tells you everything about how they'll handle problems later.
Specify requirements in your certification contract. Some contracts allow you to specify auditor requirements—minimum experience level, industry background, language proficiency (if relevant). Get it in writing.
Build internal audit capability. Having competent internal auditors means you know exactly where you stand before the external auditor arrives. You're not surprised by findings, and you can challenge invalid ones with confidence. Strong internal auditing also demonstrates to the external auditor that you take your management system seriously.
Document everything during audits. Have someone shadow the auditor and take detailed notes—what they looked at, what they asked, what evidence they reviewed. If problems arise later, you've got contemporaneous records. This also keeps auditors honest—people tend to be more careful when they know their work is being documented.
What Good Actually Looks Like
Because it's worth knowing what you should expect from a competent auditor, not just what to avoid.
A good auditor understands your industry context. They ask insightful questions about your processes, not just "show me the procedure."
They can explain exactly which clause requirement they're auditing and why it matters to your business. They provide value—identifying genuine risks and opportunities for improvement, not just finding things to tick off their checklist.
Good ISO certification auditors engage in professional discussion when you challenge a finding. They're there to gather evidence and make informed judgements, not to prove they're right. And they communicate clearly, treating your staff with respect.
This isn't unrealistic expectation—it's the minimum standard for professional auditing according to ISO 19011:2018.
When certification bodies hire and retain quality auditors, everybody wins. You get a meaningful audit that adds value. The CB builds a reputation for quality. The certification itself has credibility.
The current race to the bottom helps nobody except the CBs cutting costs, and it won't last—businesses are increasingly wise to the game.
Can I request to see my auditor's qualifications before they arrive?
Yes. You're entitled to know that the auditor assessing your organisation is competent to do so. Request CVs, competency records, and industry experience documentation from your certification body when they confirm the audit. ISO 17021-1 requires CBs to demonstrate auditor competence, so you're not asking for anything unreasonable.
What if my certification body refuses to change an incompetent auditor?
Document your concerns in writing, referencing specific competency gaps (lack of industry experience, no relevant qualifications, etc.). If they still refuse, you have the right to postpone the audit and escalate the issue formally. You can also lodge a complaint with the accreditation body if the CB is assigning auditors who clearly lack the required competence.
Can I switch certification bodies mid-cycle?
It's complicated. You're typically locked into surveillance audits for the three-year certification cycle. However, if you can demonstrate serious issues with auditor quality or CB performance, some accreditation bodies may support a transfer. At minimum, plan to switch at your next recertification and document everything in the meantime.
How do I know if a non-conformance is invalid?
Invalid NCs typically lack objective evidence (the auditor can't show you what they observed), don't reference a specific clause requirement, or misinterpret the standard. If an auditor says "this doesn't meet requirements" but can't explain which requirement or show evidence, that's likely invalid. The Oxebridge website has detailed guidance on what constitutes a valid vs invalid finding.
What's the difference between appealing a finding and lodging a complaint?
Appeals are for challenging specific audit findings—non-conformances you believe are incorrect. Complaints are for auditor conduct, competence, or professionalism issues. You can do both simultaneously if you've received invalid findings from an incompetent auditor.
Will complaining about an auditor affect my certification?
No. Certification bodies are required to separate their audit and appeals/complaints processes to avoid conflicts of interest. Your complaint about auditor quality shouldn't impact your certification decision—that should be based purely on evidence of conformance. If a CB retaliates by being harsh in future audits, that's serious misconduct to report to the accreditation body.
What role do accreditation bodies like JASANZ play in auditor quality?
Accreditation bodies oversee certification bodies to ensure they meet ISO 17021-1 requirements, including auditor competence. They conduct regular assessments of CBs and can suspend or withdraw accreditation if standards aren't maintained. However, as one industry professional noted, ABs are somewhat influenced by powerful CBs. Still, serious complaints with documentation will get their attention.
Should I always use a JASANZ or UKAS accredited certification body?
Absolutely. Non-accredited "certification" is worthless—it won't be recognised by customers or regulators. Always verify your CB is accredited by a member of the International Accreditation Forum for your country. In Australia and New Zealand, that's JASANZ. In the UK, UKAS. Using an accredited CB at least ensures basic oversight exists.
Can industry experience be a problem for auditors?
Sometimes. One commenter noted that too much industry experience can lead auditors to use perception rather than evidence. The auditor might assume "this is how it should work" based on their past rather than assessing what you've actually implemented. Balance is ideal.. enough industry knowledge to understand context, but still conducting evidence-based assessment.
What if the problem is systematic across multiple audits?
That's when you escalate to the accreditation body with documented evidence from multiple audit cycles. If you can show a pattern of incompetent auditors, invalid findings, or poor CB response to complaints, the AB will take that more seriously than a one-off incident. Keep records from every audit—findings, correspondence, complaint responses.
Finding Better ISO Auditors From The Start
The auditor competence problem isn't going away until businesses start demanding better and certification bodies respond accordingly. Too many organisations accept whatever auditor shows up because they don't realise they have options.
You're paying significant money for ISO certification. The audit should provide value.. identifying genuine risks, confirming your system works, and offering informed recommendations for improvement.
If you're getting a box-ticker who doesn't understand your business and can't answer basic questions, you're being short-changed.
At CertBetter, we verify every ISO consultant and certification bodies on our platform. That means background checks, insurance verification, and you can leave an honest review of the auditor. When you request ISO certification quotes through our system, you're seeing verified professionals who meet quality standards. We want the certification industry to be better, starting with the people doing the work.
If you're tired of mediocre auditors and want to work with verified, competent professionals, that's exactly what we built our platform for.
