ISO 19011 is an international standard that puts forward the guidelines for auditing management systems.
The standard is applicable to a wide range of users, including, among others, organizations that need to conduct internal and/or external management system (MS) audits and manage audit programmes.
The standard covers the principles of auditing and provides a broader harmonized approach to management system auditing and comprehensive guidance on how to conduct a management system audit.
ISO 19011 was first published in 2002 and it was used as a guideline for quality (ISO 9001) and/or environmental (ISO 14001) management systems auditing.
The number of management system standards that have a common structure and core definitions has increased, along with the need to consider a broader approach to the audit of management systems. To reflect both the structure and the content of new management system standards, ISO 19011 has been updated.
Changes in terminology:
The Terms and definitions section within ISO 19011:2018 has been revised.
Changes in the principles of auditing:
The 2018 version of the standard has placed an enhanced focus on the utmost newly added principle – the risk-based approach – which considers risks and opportunities during the planning, conducting and reporting phases of an audit.
In order to ensure that audits are focused on matters that are significant for the audit client, and for achieving the audit programme objectives, the risk needs to be considered from the design of the audit programme to the issue of the audit report.
The application of the risk-based approach can serve as a tool for risk prevention, and optimization of the efficiency and effectiveness of the audit process and its outcome(s).
This principle has intertwined with the structure of the rest of the document, specifically Section 5 – Managing an audit programme, which suggests that when preparing an audit programme, moderate consideration should be given to the identified risks and opportunities, as well as the actions taken to address them.
Competence
The standard has experienced other updates by emphasizing the auditors’ competencies in order to ensure the overall competence of the audit team with regards to each individual audit. Additionally, from now on audit team leaders are expected to possess the competencies to discuss strategic issues with the top management.
Changes in the Annexes of ISO 19011:2018:
Annex B is Removed & additional sections have been embodied in Annex A, which have placed an importance on performance results, process approach, professional judgment, the organization’s impact over the stages of its product and/or service lifecycle, and auditing risks and opportunities.
The main changes in the ISO 19011:2018 standard include:
Updated terms and definitions so as to be in line with the definitions used in other standards;
The addition of the 7th principle of auditing – risk-based approach;
Additional information on managing an audit programme, including audit planning, audit programme risk, conducting an audit, elaboration of the generic competence requirements for auditors;
Expansion of new Annex A, including the additional sections on process approach, lifecycle, professional judgment, audit risks and opportunities, audit leadership and commitment use of information and communication technologies during auditing virtual activities.
“The focal point of the new version of the standard is the consideration of evolving technologies and the increased focus on risk.”
The latest version of the standard aims to consolidate the existing guidelines in order to help organizations manage a successful audit programme, ensure continuous improvement and enable effective auditing across multiple systems.
