Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→


security risks

Ensures the confidentiality, integrity and availability of your information assets →



Keep track of all regulations and regulations that your organization must comply with →


Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→



Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →

What will you learn? Learn with our experts about critical topics on Risk Management that will be useful in your daily work.

Piraní Academy

Characteristics required of an auditor, according to ISO 19011

written by Maria Camila Arévalo, On November 23, 2022


ISO 19011 is focused on the audit management that must be carried out in the risk management system, although it is not a certifiable standard, it provides a series of recommendations that help companies to have an adequate management and establish the audit plan to comply with the legal requirements that are demanded by the control entities.

Normally, organizations that implement risk management must conduct periodic audits to verify whether the action plan implemented is being effective and providing the expected results. 

However, auditors play a very important role in risk management, since they are the ones who identify if the management is being carried out correctly, if the controls are effective and if it is complying with the required standard.

With Pirani you will be able to manage more efficiently the processes, risks, controls, events and action plans associated with Corporate Governance, so your organization will be prepared for the periodic audits it will have to undergo.

Try Pirani for FREE

Principles that an auditor must have


Auditors who perform the role of auditors must be honest, diligent, responsible and fully comply with all legal requirements of this position, be competent, impartial and not be influenced by anyone or anything while auditing. 

Impartial presentation

The auditor must be accurate and truthful in the information provided, such as reports, documents, records, evaluations, controls, among others. He/she is obliged to disclose everything he/she observed and identified during the audit. Communication must be direct, transparent, truthful and complete.

Be professional

The manner in which they operate must be very careful, since they are the ones who have the power to make judgments during the audit.


One of their principles must be the handling of information and its security. Discretion is very important while performing the audit, since during this process they acquire a lot of information that must be protected. It is important to emphasize that you cannot use this data inappropriately. 


It must be impartial and act independently, in the case of internal audits the auditors must be alien to those responsible for risk management. They must always be objective in order to acquire truthful findings and conclusions.

Evidence-based approach

It is the method used for the conclusions of the audits, the information obtained must be verifiable, as this is the evidence of the study conducted. 

Auditor's capabilities

  • Plan the work effectively.
  • Know the risks to which an audit is exposed.
  • Identify the opportunities that may arise.
  • Performing the audit in a timely manner.
  • Establish priorities.
  • To have a clear and direct communication, both written and verbal.
  • Carry out the appropriate methodology to perform the audit (interviews, reviewing documents, records and data).
  • Use sampling tools to collect evidence.
  • Verify the information collected.
  • Document all information during the audit process.
Try Pirani For FREE NOW
Download a free Excel Risk Matrix Template
Free e-book Prevention & Correction of Human Error For Risk Management

Leave us your comments