The principles of auditing. Respected by design.
Auditing is characterised by reliance on a number of principles. These principles make the audit an effective and reliable tool — providing information on which an organisation can act to improve its performance. Manylder is built around every one of them.
ISO 19011:2018 Section 4 defines seven principles that characterise effective auditing. Adherence to these principles is a prerequisite for providing audit conclusions that are relevant and sufficient — and for enabling auditors, working independently from one another, to reach similar conclusions in similar circumstances.
Here is each principle, what the standard requires, and how Manylder's platform and lead auditor address it together.
Integrity.
The foundation of professionalism.
Auditors and the individual(s) managing an audit programme should perform their work ethically, with honesty and responsibility. They should only undertake audit activities if competent to do so, perform their work in an impartial manner — remaining fair and unbiased in all their dealings — and be sensitive to any influences that may be exerted on their judgement while carrying out an audit.
What Manylder's AI platform does.
Surfaces evidence and generates findings transparently. Every finding includes the evidence citation it is based on, the clause it addresses, and a confidence score. No finding is hidden, weighted, or editorially adjusted before the auditor sees it.
What Manylder's lead auditor does.
Exercises judgement impartially, with full visibility into the platform's reasoning. Confirms that findings are honest and accurate before they become part of the audit record. Ensures only competent, qualified individuals own the audit conclusions.
Fair Presentation.
The obligation to report truthfully and accurately.
Audit findings, audit conclusions and audit reports should reflect truthfully and accurately the audit activities. Significant obstacles encountered during the audit and unresolved diverging opinions between the audit team and the auditee should be reported. The communication should be truthful, accurate, objective, timely, clear and complete.
What Manylder's AI platform does.
Shows confidence scores and evidence citations in full. Nothing is suppressed. If confidence is low, that is visible. If evidence is insufficient, that is stated. Obstacles and gaps are surfaced, not hidden.
What Manylder's lead auditor does.
Reviews the complete picture — including gaps, ambiguities, and low-confidence areas — before confirming any finding. Ensures the final report reflects the audit activities truthfully, accurately, and completely.
Due Professional Care.
The application of diligence and judgement in auditing.
Auditors should exercise due care in accordance with the importance of the task they perform and the confidence placed in them by the audit client and other interested parties. An important factor in carrying out their work with due professional care is having the ability to make reasoned judgements in all audit situations.
What Manylder's AI platform does.
Reviews evidence and produces provisional findings as a structured starting point — clause-level detail, evidence citations, and confidence signals that equip Manylder's lead auditor to make reasoned judgements. The auditor review step is a required part of the workflow, not an optional addition.
What Manylder's lead auditor does.
Exercises due professional care by reviewing every finding, applying their expertise and professional judgement, and confirming or amending each status. The auditor's diligence is what makes the findings defensible — Manylder ensures they have the information to apply it.
Confidentiality.
Security of information.
Auditors should exercise discretion in the use and protection of information acquired in the course of their duties. Audit information should not be used inappropriately for personal gain by the auditor or the audit client, or in a manner detrimental to the legitimate interests of the auditee. This concept includes the proper handling of sensitive or confidential information.
What Manylder's AI platform does.
Processes evidence files within an isolated tenant environment. No cross-tenant data access. No customer data used to train AI models. All actions on evidence and reports are logged with user and timestamp. See our full security practices →
What Manylder's lead auditor does.
Manages access to audit evidence and findings through role-based permissions, in coordination with the organisation. Determines what is included in the final audit record. Ensures sensitive information is handled in accordance with the organisation's confidentiality requirements.
Independence.
The basis for impartiality and objectivity of audit conclusions.
Auditors should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent from the function being audited if practicable. Auditors should maintain objectivity throughout the audit process to ensure that the audit findings and conclusions are based only on the audit evidence.
What Manylder's AI platform does.
Provides a qualified lead auditor who is independent of the activity being audited. The platform does not audit the auditor's own function and does not make audit conclusions. Consistent, structured evidence review reduces the risk of bias. For small organisations where full independence is difficult, Manylder's external auditor and systematic approach help ensure objectivity.
What Manylder's lead auditor does.
Retains full independence from the activity being audited. Maintains objectivity throughout the review process, ensuring findings and conclusions are based only on the audit evidence — not on the platform's provisional assessments. The auditor owns the conclusions; Manylder owns only the analysis.
Evidence-Based Approach.
The rational method for reaching reliable and reproducible audit conclusions.
Audit evidence should be verifiable. It should in general be based on samples of the information available, since an audit is conducted during a finite period of time and with finite resources. An appropriate use of sampling should be applied, since this is closely related to the confidence that can be placed in the audit conclusions.
What Manylder's AI platform does.
Links all findings to specific document citations — section numbers, paragraph references, direct quotes where relevant. No finding exists without a traceable evidence source. Because Manylder can evaluate the full body of evidence rather than a sample, it reduces the sampling risk inherent in manual review.
What Manylder's lead auditor does.
Verifies every citation against the original document. Confirms that the evidence supports the finding. Adds context, challenges insufficiency, and ensures that audit conclusions are based on verifiable, traceable evidence — not on unsupported assertions from the platform.
Risk-Based Approach.
An audit approach that considers risks and opportunities.
The risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant to the audit client, and for achieving the audit programme objectives.
What Manylder's AI platform does.
Assigns confidence scores that reflect evidence sufficiency per clause, allowing risk-based prioritisation. Flags lower-confidence areas where evidence gaps are most likely and where the risk of an incorrect finding is highest.
What Manylder's lead auditor does.
Directs review effort where it matters most — focusing on low-confidence findings, high-risk clauses, and controls that carry the greatest organisational impact. Uses confidence scores as a prioritisation signal to allocate finite audit resources effectively.
What Manylder does not do.
- Manylder's platform does not produce audit conclusions. It reviews evidence and produces provisional findings for review by Manylder's qualified lead auditor.
- The platform does not act as the lead auditor. Manylder provides a qualified lead auditor who owns all findings, conclusions, and the audit report.
- Manylder does not certify conformance with any management system standard. Certification requires assessment by a UKAS-accredited or equivalent certification body.
The platform's evidence review report is a structured working document for Manylder's lead auditor to review. It becomes a formal audit output only once reviewed, amended if necessary, and signed off by the lead auditor.
Common governance questions.
Can we use Manylder findings in a UKAS surveillance audit?
Manylder findings, once reviewed and confirmed by Manylder's lead auditor, form part of the internal audit record. The internal audit record is one of the inputs to the surveillance audit. The certification body will assess the quality of your internal audit process — including whether it was conducted in alignment with ISO 19011:2018 — as part of their surveillance.
Does AI involvement affect audit independence?
No. The platform is an evidence review tool — comparable to a checklist or evidence management system. Manylder's lead auditor retains independence from the activity being audited. The platform does not audit the auditor's own function and does not make conclusions on the auditor's behalf.
Does the tool log changes made during the lead auditor's review?
Yes. The system records when findings are reviewed, when statuses are amended, and when findings are confirmed by Manylder's lead auditor. This review trail is available for inclusion in the audit record per ISO 19011:2018 Section 5.5.7.
Is Manylder certified against ISO 19011:2018?
ISO 19011:2018 is a guideline standard, not a certification standard — there is no certification scheme for it. Manylder's design is aligned with the principles and practices described in the standard. This alignment is a design principle, not a certification claim.
Audit methodology, preserved.
Leave your email and I'll show you how Manylder keeps your audit fully aligned with ISO 19011:2018.