June 20, 2019


Sofema Aviation Services (www.sassofia.com) looks at the purpose and use of ISO-19011-2018.


An audit management program enables the completion of all the individual audits needed to ensure compliance with the regulatory and organisational obligations.

ISO 19011:2018 provides a standard which identifies guidelines for auditing management systems. The standard contains guidance on managing an audit program, the principles of auditing, and the evaluation of individuals responsible for managing the audit programs.

Additionally, ISO 19011:2018 provides guidance on how to manage audit program improvements with a systematic approach in the same way that other business areas are expected to improve.

As well as meeting the regulatory obligations the audit program objectives should be in line with the management system policies and objectives.

An area of increasing importance in ISO 19011:2018 related to auditing management systems as well as business, in general, is the focus on risk considerations which feature throughout the audit program management section of the ISO 19011:2018 standard.

What is the applicability of ISO 19011:2018?

Anyone who has been tasked with improving an audit program will likely find ISO 19011:2011 of value.

Applicable If your organization conducts internal or external audits of management systems, or if you manage an audit program. More specifically, ISO 19011 is for people in charge of managing an audit program and evaluating individuals involved in the audit programs and audits.

What Does ISO-19011 Do?

ISO 19011 offers guidance on every step of auditing a management system or audit program, including:

a) Defining program objectives

b) Ensuring you understand the specific objectives you hope to achieve

c) Making audit arrangements

d) Assigning roles and responsibilities

e) Defining number, scope, location, and duration of audits

f) Determining criteria and specific checklists

g) Establishing review procedures

h) Completing the audits needed

I) Planning and reviewing internal documents

j) Collecting and verifying audit evidence

k) Generating findings and preparing reports

l) Communicating findings

m) Reviewing the results and process

n) Assessing results and trends

o) Conforming with audit program procedures

p) Evolving needs and expectations of interested parties

q) Analyzing audit program records

r) Examining the effectiveness of the measures to address risks

s) Ensuring confidentiality and information security


Considering the Difference Between ISO 19011:2011 and 19011:2018?

a) Addition of the risk-based approach to the principles of auditing

b) Expansion of the guidance on managing an audit program, including audit program risk

c) Expansion of the guidance on conducting an audit, particularly the section on audit planning

d) Expansion of the generic competence requirements for auditors

e) Adjustment of terminology to reflect the process and not the object (β€œthing”)

f) Removal of the annex containing competence requirements for auditing specific management system disciplines (due to the large number of individual management system standards, it would not be practical to include competence requirements for all disciplines)

g) Expansion of Annex A to provide guidance on auditing (new) concepts such as organization context, leadership and commitment, virtual audits, compliance and supply chain

Sofema Aviation Services (www.sassofia.com) and Sofema Online (www.sofemaonline.com) are pleased to offer EASA Compliant Regulatory & Vocational Classroom and Online Training. For details please see the websites or email office@sassofia.com or online@sassofia.com.


Auditing Management System, ISO 19011:2018