WHAT IS ISO 19011:2018 – AUDITING MANAGEMENT SYSTEMS?

Quality Glossary Definition: ISO 19011

ISO 19011 is defined as the standard that sets forth guidelines for auditing management systems. The standard contains guidance on managing an audit program, the principles of auditing, and the evaluation of individuals responsible for managing the audit programs. An audit program consists of the arrangements made to complete all of the individual audits needed to achieve a specific purpose.

ISO 19011:2018 provides valuable information on how to improve an audit program systematically, just as other departments in an organization are expected to improve. One aspect of such improvement is continuously ensuring the audit program objectives are in line with the management system policies and objectives. Organizations, in pushing for auditing improvements, should consider the needs of customers and other interested parties.

An area of increasing importance in auditing management systems and business in general is the concept of risk. As of the 2011 edition, risk has been integrated throughout the audit program management section of the ISO 19011:2018 standard.

ISO 19011 STANDARD FACTS

When the United States adopts its version of a standard, it is referred to as an American National Standard (ANS) and is the equivalent of an international standard.

The ANSI version may or may not make changes to the international (ISO) version of the standard. In the case of ISO 19011, it is considered an identical adoption.

WHO SHOULD USE ISO 19011:2018?

If your organization conducts internal or external audits of management systems, or if you manage an audit program, then ISO 19011 and the ANSI version apply to you.

Anyone involved in audits or audit programs can use ISO 19011. More specifically, ISO 19011 is for people in charge of managing an audit program and evaluating individuals involved in the audit programs and audits. Anyone who has been tasked with improving an audit program will likely find ISO 19011:2018 of value.

What does ISO 19011:2018 accomplish?

ISO 19011 offers guidance on every step of auditing a management system or audit program, including:

• Defining program objectives
  • Ensuring you understand the specific objectives you hope to achieve
  • Making audit arrangements
  • Assigning roles and responsibilities
  • Defining number, scope, location, and duration of audits
  • Determining criteria and specific checklists
  • Establishing review procedures
• Completing the audits needed
  • Planning and reviewing internal documents
  • Collecting and verifying audit evidence
  • Generating findings and preparing reports
  • Communicating findings
• Reviewing the results and process
  • Assessing results and trends
  • Conforming with audit program procedures
  • Evolving needs and expectations of interested parties
  • Analyzing audit program records
  • Examining effectiveness of the measures to address risks
  • Ensuring confidentiality and information security

ISO 19011 Guidelines for Auditing a Management System

19011:2011 vs. 19011:2018

The main differences between the 2011 and 2018 revisions, as outlined in its foreword, are the following:

• Addition of the risk-based approach to the principles of auditing
• Expansion of the guidance on managing an audit program, including audit program risk
• Expansion of the guidance on conducting an audit, particularly the section on audit planning
• Expansion of the generic competence requirements for certified quality auditors (CQAs)
• Adjustment of terminology to reflect the process and not the object (“thing”)
• Removal of the annex containing competence requirements for auditing specific management system disciplines (due to the large number of individual management system standards, it would not be practical to include competence requirements for all disciplines)

Expansion of Annex A to provide guidance on auditing (new) concepts such as organization context, leadership and commitment, virtual audits, compliance, and supply chain