The Hidden Risks of Using Unregistered ISO Auditors: How Poor Audits Lead to Costly Non-Compliance
This article has been supplied.
South African businesses have suffered massive financial setbacks due to inadequate auditing, with cumulative losses from poor audits and compliance failures running into billions. Through its material irregularities process, the Auditor-General of South Africa recovered and prevented financial losses totalling ZAR3.47 billion in the 2023-24 financial year.
In one case, the Public Company Accounting Oversight Board (PCAOB) fined KPMG South Africa and two partners $275,000 for using an unregistered accounting firm in audits between 2015 and 2017. Cases like these highlight the urgent need for businesses to engage only accredited auditors.
A manufacturing firm recently lost its ISO 9001 certification due to an unregistered auditor’s failure to identify quality control issues, leading to a cancelled R12 million contract. Similarly, a financial services provider faced regulatory fines and was forced to spend over R5 million on corrective measures after a flawed ISO 27001 audit exposed them to a data breach.
Muhammad Ali, Managing Director of ISO specialist World Wide Industrial & Systems Engineers (WWISE), warns that such cases are common. “Every year, we handle 17 to 20 remediation projects where unqualified auditors have misled businesses. By the time we step in, the damage is done,” he explains.
ISO certifications, such as ISO 9001 for quality management and ISO 27001 for information security, serve as global benchmarks for business excellence. However, many organisations unknowingly expose themselves to risk by hiring unregistered auditors. “There are many so-called auditors without verifiable qualifications or experience,” Ali warns. “They mislead companies, cut corners, and leave businesses vulnerable to compliance failures and financial losses.”
ISO audits are categorised as first-party (internal), second-party (supplier audits), and third-party audits conducted by registered lead auditors from accredited certification bodies such as SABS, TUV, SGS, or Bureau Veritas. When done correctly, audits ensure regulatory compliance and operational efficiency. However, assessments by unqualified auditors create serious financial and operational risks.
Unregistered ISO auditors lack accreditation from recognised bodies such as SAATCA in South Africa, CQI | IRCA in the UK and Europe, PECB in the Americas, or Exemplar Global in the Asia-Pacific region. Despite the presence of these regulators, many individuals claim ISO expertise after completing short online courses with no practical auditing experience. “These auditors lack industry-specific knowledge, fail to conduct thorough assessments, and ultimately compromise an organisation’s compliance efforts,” says Ali.
Many businesses hire unregistered auditors due to a lack of awareness or the lure of lower costs, only to suffer greater financial losses. Some fail to verify an auditor’s credentials through regulatory websites like SAATCA or CQI | IRCA, while others are misled by large consulting firms using unqualified auditors. Industries most affected by poor auditing include manufacturing, food and beverage, construction, mining, and telecommunications.
The risks of hiring unregistered auditors are severe. Some companies have been unable to enforce contracts or take legal action due to poorly drafted agreements, while others have faced certification suspensions or revocations. In extreme cases, businesses have been forced to shut down due to compliance failures. “Losing an ISO certification doesn’t just impact compliance—it damages customer trust, brand reputation, and business continuity,” Ali emphasises. “A single failed audit can set an organisation back years.”
To avoid these risks, businesses must conduct due diligence before hiring an ISO auditor. This includes checking accreditation status with SAATCA, CQI | IRCA, PECB, or Exemplar Global, ensuring auditors have completed at least 200 hours of audits, and confirming they have undertaken a five-day ISO lead auditor course with an accredited provider. Ali warns that red flags include over-reliance on checklist audits, lack of industry-specific knowledge, large upfront payment requests, and resistance to scrutiny.
If an organisation discovers that an unregistered auditor has conducted their ISO audit, immediate action is required. Businesses may be able to pursue legal action if their contracts include provisions for auditor qualifications. However, in many cases, the best course of action is to bring in a certified lead auditor to reassess the audit and report any malpractice to accreditation bodies.
ISO certification is not just about compliance—it is a strategic tool for business credibility, operational efficiency, and regulatory alignment. However, this is only possible when qualified professionals conduct audits. “A proper ISO audit is not just a compliance exercise; it’s a strategic investment in risk management and business excellence,” Ali emphasises. “Hiring an accredited auditor is the only way to ensure genuine, lasting value.”
Comments
Press Office
Announcements
What's On
Subscribe to improve your user experience...
Option 1 (equivalent of R125 a month):
Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format
Option 2 (equivalent of R375 a month):
All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors
including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.
Already a subscriber?
Forgotten your password?
Receive weekly copy of Creamer Media's Engineering News & Mining Weekly magazine (print copy for those in South Africa and e-magazine for those outside of South Africa)
➕
Recieve daily email newsletters
➕
Access to full search results
➕
Access archive of magazine back copies
➕
Access to Projects in Progress
➕
Access to ONE Research Report of your choice in PDF format
RESEARCH CHANNEL AFRICA
R4500 (equivalent of R375 a month)
SUBSCRIBEAll benefits from Option 1
➕
Access to Creamer Media's Research Channel Africa for ALL Research Reports on various industrial and mining sectors, in PDF format, including on:
Electricity
➕
Water
➕
Energy Transition
➕
Hydrogen
➕
Roads, Rail and Ports
➕
Coal
➕
Gold
➕
Platinum
➕
Battery Metals
➕
etc.
Receive all benefits from Option 1 or Option 2 delivered to numerous people at your company
➕
Multiple User names and Passwords for simultaneous log-ins
➕
Intranet integration access to all in your organisation