
ISO 19011 Guidelines for Auditing Management Systems

April 16, 2024 (5 minute read)

ISO 19011:2018, Guidelines for auditing management systems, provides guidance on auditing management systems, including quality management systems (ISO 9001) and environmental management systems (ISO 14001). It outlines the principles of auditing, managing audit programs, and conducting management system audits. ISO 19011 establishes a common framework for audits, ensuring they are conducted consistently and effectively. Using ISO 19011 helps organizations:

  • implement auditing best practices based on international consensus;
  • demonstrate credibility and capability in auditing to customers and stakeholders;
  • improve management systems and processes through structured audits;
  • meet customer and regulatory audit requirements;
  • facilitate consistent auditor training and evaluation.

ISO 19011 is essential for any organization that needs to conduct internal audits or manage external audits of their management systems, including:

  • companies certified to standards like ISO 9001 or ISO 14001;
  • organizations wanting to implement an internal audit program;
  • third-party audit firms and management system consultancies;
  • auditors performing first, second or third-party audits;
  • quality and health and safety managers responsible for audits.

Using ISO 19011 provides a standardized audit process, terminology, and methodology as part of its overall guidance on audit principles, procedures and techniques. It offers organizations a framework for managing audit programs and personnel, including criteria for auditor competence, evaluation, and development.

NOTE that a revision to this standard is expected to be published during 2024.

Table of Contents

Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing audit programme objectives
5.3 Determining and evaluating audit programme risks and opportunities
5.4 Establishing the audit programme
5.5 Implementing audit programme
5.6 Monitoring audit programme
5.7 Reviewing and improving audit programme
6 Conducting an audit
6.1 General
6.2 Initiating audit
6.3 Preparing audit activities
6.4 Conducting audit activities
6.5 Preparing and distributing audit report
6.6 Completing audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence
7.3 Establishing auditor evaluation criteria
7.4 Selecting appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A Additional guidance for auditors planning and conducting audits
A.1 Applying audit methods
A.2 Process approach to auditing
A.3 Professional judgement
A.4 Performance results
A.5 Verifying information
A.6 Sampling
A.7 Auditing compliance within a management system
A.8 Auditing context
A.9 Auditing leadership and commitment
A.10 Auditing risks and opportunities
A.11 Life cycle
A.12 Audit of supply chain
A.13 Preparing audit work documents
A.14 Selecting sources of information
A.15 Visiting the auditee’s location
A.16 Auditing virtual activities and locations
A.17 Conducting interviews
A.18 Audit findings
ISO 19011:2018

Applying ISO 19011

Auditing in accordance with ISO 19011 involves several main steps to ensure effective and efficient auditing processes.

Here are those steps.

Establish Audit Objectives and Criteria

  • Define the objectives of the audit, including the scope, purpose, and desired outcomes.
  • Establish audit criteria based on applicable standards, regulations, policies, procedures, and organizational requirements.

Select Audit Team and Resources

  • Assemble a competent audit team with the necessary skills, knowledge, and experience to conduct the audit effectively.
  • Allocate resources, including personnel, time, and equipment, to support the audit activities.

Plan the Audit

  • Develop an audit plan that outlines the audit scope, objectives, criteria, methodology, and schedule.
  • Identify audit activities, tasks, responsibilities, and resources required for each stage of the audit process.

Conduct Opening Meeting

  • Hold an opening meeting with auditee(s) to introduce the audit team, clarify audit objectives and scope, and discuss audit procedures.
  • Review the audit plan, schedule, and logistics with auditee(s) and address any questions or concerns.

Collect Audit Evidence

  • Gather audit evidence through various methods, including interviews, document reviews, observations, and sampling.
  • Verify the conformity of management system practices and processes against established criteria.

Analyze and Evaluate Audit Findings

  • Analyze audit evidence to identify strengths, weaknesses, opportunities for improvement, and areas of nonconformity.
  • Evaluate the significance and implications of audit findings based on their impact on the effectiveness and performance of the management system.

Communicate Audit Results

  • Prepare an audit report that summarizes audit findings, conclusions, and recommendations.
  • Communicate audit results to auditee(s), including identified nonconformities, observations, and opportunities for improvement.

Conduct Closing Meeting

  • Hold a closing meeting with auditee(s) to review audit findings, discuss any corrective actions required, and agree on follow-up actions.
  • Provide feedback on the audit process, address any concerns raised by auditee(s), and confirm understanding of audit outcomes.

Follow-Up and Verify Corrective Actions

  • Monitor and follow up on corrective actions taken by the auditee(s) to address identified nonconformities and improvement opportunities.
  • Verify the effectiveness of corrective actions through documentation review, interviews, and other verification methods.

Conduct Audit Program Review

  • Evaluate the effectiveness and efficiency of the audit process, including the adequacy of audit planning, execution, reporting, and follow-up.
  • Identify lessons learned, best practices, and areas for improvement to enhance future audit activities.

Maintain Audit Records

  • Maintain complete and accurate records of audit activities, including audit plans, checklists, evidence, reports, and correspondence.
  • Ensure that audit records are securely stored, accessible, and retained in accordance with organizational policies and regulatory requirements.

Ensure Auditor Competence and Impartiality

  • Ensure that auditors possess the necessary competence, qualifications, and training to perform audits effectively and impartially.
  • Uphold auditor independence, objectivity, and impartiality throughout the audit process, avoiding conflicts of interest or bias.

Apply Audit Principles and Practices

  • Apply audit principles and practices defined in ISO 19011, including independence, integrity, confidentiality, and professional ethics.
  • Conduct audits in a systematic, planned, and disciplined manner, adhering to established audit procedures and guidelines.

Adapt Audit Approach

  • Adapt the audit approach, techniques, and methods to suit the specific context, nature, and complexity of the management system being audited.
  • Remain flexible and responsive to changes in circumstances, emerging risks, and stakeholder needs during the audit process.

Ensure Compliance with Applicable Standards

  • Ensure that audit activities comply with relevant international standards, regulations, and guidelines, including ISO 19011 and any sector-specific requirements.
  • Stay updated on changes to audit standards and incorporate revisions into audit practices as necessary.

In conclusion…

By following these steps and adhering to ISO 19011 guidelines, auditors can conduct systematic, rigorous, and effective audits of management systems, providing valuable insights and assurance to organizations and stakeholders.

ISO 19011 can be purchased through the ISO.org website.
