ISO 19011:2018 Audits
What is ISO 19011:2018?
ISO 19011:2018 is the international standard that provides guidelines for auditing management systems. This standard helps organizations conduct internal or external audits and manage audit programs. It emphasizes principles of auditing, managing an audit program, and evaluating individuals responsible for audit programs.
Understanding ISO 19011:2018 Annex A:
ISO 19011:2018, titled "Guidelines for Auditing Management Systems," provides comprehensive guidance for auditing various management systems. It includes updates to harmonize with changes in other ISO standards and introduces a risk-based approach. One significant part of ISO 19011:2018 is Annex A. This part offers enhanced guidance for auditors in planning and conducting audits.
Annex A: Audit method is crucial because it outlines the acceptable methods of an audit:
-
Process approach to auditing: The “Process Approach” is mandatory for all ISO management systems. What does this mean for both the auditor and the company being audited? There should never be any audits focused on specific clauses (clausal audits). All auditors must be auditing the processes and the evidence of the processes being used.
-
Professional Judgement: During their audits, auditors use their professional judgement to evaluate the processes instead of specific clauses. They must evaluate the intended outcome of the system being audited.
-
Performance Results: Auditors now focus on the intended results of the management system and its performance. While a process may be absent and insignificant in some organizations, it may be very relevant in a complex or high-risk organization.
-
Verifying Information: When performing the process audit the auditor considers if the objective evidence (OE) contains the 4-Cs of evidence; complete, correct, consistent, and current. Questions to consider are:
a. Does the OE demonstrate requirements being met?
b. The integrity of the OE is assessed?
c. Is the auditor ensuring the security of the OE?
Additional guidance on key auditing concepts includes:
-
Compliance: Ensuring the organization meets relevant legal and regulatory requirements.
-
Organizational Context: Understanding the organization’s internal and external issues that can affect its management system.
-
Leadership and Commitment: Evaluating senior leadership involvement and commitment to the management system.
-
Risks and Opportunities: While auditors will focus the audit on ISO risks and opportunities, companies can also use the ISO guidelines to evaluate and control any possible risks and opportunities.
-
Life-Cycle Approach: Auditors should not consider a life-cycle approach to auditing. Exceptions in the case of companies that are vertically integrated.
-
Supply Chain Management: Assessing the effectiveness of the organization’s supply chain processes.
Conducting an Audit (Clause 6)
The audit process involves several steps to ensure thorough and effective evaluations:
-
Initiating the Audit: Define objectives, scope, and criteria. Determine feasibility and meet with auditee. (Clause 6.2.2 & 6.2.3)
-
Preparing for the Audit: Develop an audit plan. Assign work to the audit team. Prepare work documents. (Clause 6.3)
-
Conducting the Audit: Conduct opening meetings. Collect, verify information via interviews, observations, and document reviews. Generate audit findings and conclusions based on the evidence gathered. (Clause 6.4)
-
Reporting: Prepare and distribute audit report. Hold closing meetings to present audit findings and conclusions. (Clause 6.5)
-
Completing and Follow-Up: Verify the implementation of corrective actions. Ensure that nonconformities are addressed appropriately. Send survey on competence and evaluation of audit process. (Clause 6.6 & 6.7)
ISO 19011:2018 and its Annex A provide vital guidance for auditors and organizations looking to improve their audit programs. By incorporating a risk-based approach and offering detailed insights into various auditing aspects, this standard helps organizations conduct more effective and efficient audits, ensuring compliance and continual improvement.
​
For those involved in managing or conducting audits, ISO 19011:2018 is an invaluable resource that supports the ongoing enhancement of audit programs, aligning them with organizational goals and regulatory requirements. Reach out to the ISOP Team for further information and guidance on ISO 19011:2018.
Clause references are from the ISO 19011:2018 Standard.
Need more Information on ISO 19011:2018?
To learn more, please contact an ISOP Solutions at 727-900-5900.