Update on ISO 19011Guidelines for auditing management systems

ISO 19011:2018 was published in July 2018. The revised ISO 19011 is intended to provide a broader approach to management system auditing and guidance that is more generic to reflect the growing number of management system standards and their recent revisions.

A new auditing principle, risk-based approach: an audit approach that considers risks and opportunities, is added in the revision edition. The risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the audit client, and for achieving the audit programme objectives. Risk-based approach to planning is also emphasised in audit planning.

There are a number of minor changes in Clause 5 5          Managing an audit programme, Clause 6 Conducting an audit and Clause 7 Competence and evaluation of auditors. A new sub-clause 6.4.5 Audit information availability and access is also added to provide guidance the selection of audit methods based on where, when and how to access audit information.

Desired professional behaviors of auditor are also expanded to include being able to act with fortitude, open to improvement, culturally sensitive and collaborative. The audit team leader is also expected to have the competence to discuss strategic issues with top management of the auditee to determine whether they have considered these issues when evaluating their risks and opportunities.

Annex A (informative) Additional guidance for auditors planning and conducting audits has been undergone substantial changes to incorporate guidance for process approach to auditing, professional judgment, performance results, auditing compliance within a management system, leadership and commitment, risks and opportunities, life cycle, supply chain and virtual activities and locations