A practical guide from certified ISO auditors covering everything from daily responsibilities and audit types to career paths and salary expectations.
What is an Auditor?
An auditor is a qualified, independent professional who systematically examines whether an organization’s processes, management systems, or financial records comply with defined standards, norms, or internal policies. In the context of ISO management systems, such as ISO 9001 for quality management or ISO 14001 for environmental management, auditors assess whether a company’s system is both compliant and genuinely effective.
The role goes far beyond checking paperwork. A skilled auditor acts as a diagnostic partner: identifying weaknesses, uncovering hidden risks, and recommending concrete improvements. Their work directly supports an organization’s ability to maintain certifications, satisfy customers, and continuously improve.
At Sternberg Consulting, our work as certified internal auditors and external Quality Management Representatives (QMR) spans manufacturing, medical devices, IT, and construction. In our experience, the best audits don’t just confirm compliance — they surface the operational insights that drive real improvement.
Auditors operate on two foundational principles: objectivity (impartial, fact-based assessment free from conflicts of interest) and methodical rigor (using structured techniques such as document review, process observation, and structured interviews to gather reliable evidence).
Core Tasks and Responsibilities of an Auditor
The exact tasks depend on the type of audit and industry, but management system auditors, particularly those working to ISO standards, follow a clearly defined process guided by ISO 19011, the international standard for auditing management systems.
1. Audit Planning
Before anything else, the auditor defines the scope, objectives, and criteria of the audit. This involves drafting an audit plan, coordinating with the relevant process owners and management, and reviewing existing documentation to prepare effective questions and checklists.
2. Conducting the Audit
During the on-site audit, the auditor uses three primary techniques to gather objective evidence:
- Document and record review — verifying that required documentation exists, is up to date, and reflects actual practice
- Interviews — speaking with employees at all levels to understand how processes work in practice (not just on paper)
- Process observation — directly watching workflows to identify gaps between documented procedures and real operations
3. Evaluating Business Processes
The auditor assesses whether key processes are appropriately documented, consistently implemented, monitored for performance, aligned with customer requirements, and compliant with applicable legal and normative requirements. In a quality management audit, this means verifying the effectiveness of the entire QMS — not just individual elements.
4. Identifying Nonconformities
One of the auditor’s central outputs is identifying deviations from the applicable standard. These can be result-based (e.g., missing training records, inadequate documentation) or process-based (e.g., unclear responsibilities, missing controls at critical process steps). Nonconformities are graded by severity and form the basis of the audit report and subsequent corrective actions.
5. Preparing and Presenting the Audit Report
At the close of the audit, the auditor prepares a structured report summarizing the audit findings, listing all nonconformities and observations, and providing recommendations for improvement. This report is presented to management in a closing meeting and serves as the formal record of the audit.
6. Following Up on Corrective Actions
In follow-up audits or subsequent cycles, the auditor verifies whether corrective actions from previous audits have been implemented and are producing the intended results. This follow-through is what makes auditing a driver of genuine continuous improvement rather than a one-time compliance check.
The most common mistake organizations make during audits is treating them as events to “pass” rather than opportunities to learn. Auditors who find real problems are giving you valuable information — the goal is continuous improvement, not a perfect score.
Internal vs. External Auditors: The 1st, 2nd, and 3rd Party Framework
ISO standards distinguish between three types of auditors based on their relationship to the organization being audited. Understanding this framework is essential for anyone working with management systems.
| Type | Who they are | Purpose | Outcome |
|---|---|---|---|
| 1st Party (Internal Auditor) | Employee or team member of the organization | Internal process review and continuous improvement | Internal audit report; input for management review |
| 2nd Party (Supplier Auditor) | Representative of a customer or contracting organization | Verify that suppliers meet contractual or quality requirements | Supplier qualification or improvement requirements |
| 3rd Party (Certification Auditor) | Independent auditor from an accredited certification body (e.g. TÜV, DQS, Bureau Veritas) | Formal certification against an ISO standard | ISO certificate (if conformant) |
For most companies pursuing ISO certification, both internal audits (1st party) and certification audits (3rd party) are required. Internal audits must be conducted before the certification audit to verify the system’s readiness — this is where our internal audit and external QMR services at Sternberg Consulting come in.
Types of Auditors Beyond ISO Management Systems
While this article focuses primarily on management system auditors, auditors exist across many domains:
- Financial auditors — review accounting records to ensure compliance with financial reporting standards (e.g. IFRS, HGB)
- Compliance auditors — assess adherence to legal regulations, internal policies, or industry-specific rules
- IT / information security auditors — audit cybersecurity controls and data protection practices, often against ISO 27001
- Process auditors — evaluate the efficiency and effectiveness of specific operational workflows
- Product auditors — verify that finished products or services meet defined specifications and quality standards
- Environmental / energy auditors — assess compliance with ISO 14001 or ISO 50001 requirements
Auditor Salary in Germany
Auditor salaries vary significantly based on experience, specialization, industry, company size, and region. The following figures are indicative ranges for management system and quality auditors in Germany.
Factors that push salaries toward the higher end include holding a lead auditor certification, specialization in high-demand sectors (automotive IATF 16949, medical devices ISO 13485, information security ISO 27001), multi-standard competence, and leadership responsibility for an audit program. Freelance auditors with a proven track record can command day rates well above employed auditors’ effective daily earnings.
How to Become an Auditor
Unlike many professional roles, auditing does not have a single regulated training path in Germany. There is no formal apprenticeship or university degree called “auditor.” Instead, most auditors arrive from adjacent fields — quality management, engineering, production, IT, or finance — and build their auditing competence through targeted training and practical experience.
For internal auditors, the most common route involves:
- Understanding the relevant standard — You cannot audit effectively against a norm you don’t know. For ISO 9001 auditors, this means thorough familiarity with all clauses and their intent.
- Completing a certified auditor training course — These typically cover audit planning, audit techniques, nonconformity identification, and reporting. Our quality management training includes this type of structured preparation.
- Learning ISO 19011 — The international guideline for auditing management systems is the methodological backbone of all competent auditors.
- Gaining practical experience — Participating as a co-auditor, observing experienced auditors, or being audited yourself all build the practical judgment that training alone cannot provide.
For third-party certification auditors, additional requirements apply. They must meet the formal qualification criteria of the Deutsche Akkreditierungsstelle (DAkkS) and typically go through a structured induction program with their certification body — including witnessed audits and ongoing evaluation.
Key Skills and Qualifications
Beyond standard knowledge, the best auditors combine technical expertise with interpersonal effectiveness. The skills that matter most in practice include:
- Standard knowledge — Deep understanding of the applicable ISO norm (e.g. ISO 9001, ISO 14001, ISO 45001)
- Process thinking — Ability to understand and evaluate end-to-end business processes, not just isolated documents
- Analytical judgment — Distinguishing between minor observations and genuine systemic nonconformities
- Communication skills — Asking effective audit questions, managing interviews without being confrontational, and presenting findings clearly
- Objectivity and independence — Maintaining impartiality even when auditing familiar colleagues or working in high-pressure situations
- Documentation discipline — Writing clear, evidence-based audit reports that support corrective action
- Sector knowledge — Understanding the business context of the organization being audited
Career Outlook: Is Auditing a Future-Proof Career?
The short answer is yes. Demand for qualified auditors is rising across industries as regulatory requirements expand, supply chains face greater scrutiny, and organizations in sectors from healthcare to AI-driven technology pursue formal certification. The introduction of standards like ISO 42001 (AI management) has opened entirely new audit domains that barely existed a few years ago.
Clear progression paths exist within the profession: from internal auditor to lead auditor to audit program manager. Auditors with multi-standard competence — who can cover quality, environmental, and occupational health in a single audit team — are especially sought after. For those interested in independence, freelance auditing offers flexible and well-compensated work for consultancies and certification bodies alike.
Frequently Asked Questions
What does an auditor do on a daily basis?
Day-to-day work varies by audit phase. During planning, auditors review documentation and create audit checklists. On audit days, they conduct interviews, observe processes, and gather evidence. Between audits, they write reports, track corrective actions, and stay current on standard changes and industry developments.
What is the difference between an internal and external auditor?
An internal auditor (1st party) is employed by the organization and reviews its own processes to support continuous improvement. An external auditor is either a 2nd party (auditing on behalf of a client, e.g. supplier audits) or a 3rd party (an independent auditor from an accredited certification body who issues ISO certificates).
How much does an auditor earn in Germany?
Entry-level auditors in Germany typically earn around €45,000 per year. Mid-career auditors with independent audit responsibility can expect €55,000–€65,000. Experienced lead auditors or those with specialized certifications (e.g. IATF 16949, ISO 13485) can earn €70,000 or more. Freelance auditors commonly charge €800–€1,500 per day depending on expertise.
Do I need a specific degree to become an auditor?
No. There is no legally required educational background to become an internal auditor. Many auditors come from engineering, business, IT, or quality management backgrounds. The most important requirements are thorough knowledge of the relevant standard, completion of a recognized auditor training course, and practical audit experience.
What is the difference between a process auditor and a product auditor?
A process auditor evaluates the efficiency, effectiveness, and compliance of operational processes — looking at how work is structured, documented, and controlled. A product auditor focuses on whether the final output (product or service) meets defined specifications and quality requirements, typically through sampling, testing, and technical documentation review.
What does ISO 19011 have to do with auditing?
ISO 19011 is the international guideline for auditing management systems. It defines principles of auditing, the audit process (from planning through follow-up), and competence requirements for auditors. While compliance with ISO 19011 is not itself certifiable, it provides the methodological framework that all professional management system audits should follow.
Jonathan Sternberg
Certified Internal Auditor & External Quality Management Representative (QMR) with multi-industry experience across manufacturing, medical devices, IT, and construction. Founder of Sternberg Consulting, supporting SMEs across Germany with practical ISO consulting and auditing services.