ISO 19011:2018 was released in July, and the new revisions have truly transformed the contents of the standard. The changes, including most significantly a new risk-based auditing approach, recognize the importance of managing risk in any management system, as well as in the marketplace.
ISO 19011 provides guidelines for auditing management systems, enabling effective auditing across multiple systems at the same time. The document offers guidance regarding:
- The principles of auditing
- Managing an audit program
- Conducting management system audits
- Evaluating the competence of those involved in the audit process, including the managers, auditors and audit teams
It can be used by any organization that needs to conduct internal or external audits of management systems, including second-party and supplier audits.
The new standard revision puts an increased focus on risk – a Principle of Auditing has been added into Clause 4, and a series of new sub-clauses emphasizes the standard’s new risk-based approach principle, including calls for consideration of risk and opportunities when performing an audit and managing the audit program.
Auditors are now advised to employ a Risk Based Approach, an audit approach that considers risks and opportunities. This risk-based approach, according to the new language, should “substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit program objectives.”
This Risk Based Approach joins Integrity, Fair Presentation, Due Professional Care, Confidentiality, Independence and Evidence Based Approach as ISO 19011’s expectations. Your certification body will want to see your knowledge of the new standard, along with your company's implementation plans and timing for adopting this new approach in your internal audits.
Other revisions to the standard include:
- Additional guidance on managing an audit program
- Expanded guidance on conducting an audit
- An expansion of the generic competence requirements for auditors
- Adjusted terminology to reflect the process and not the object
- Removal of the annex providing competence requirements for auditing specific management system disciplines
- An expansion of Annex A to provide guidance on auditing new concepts such as organizational context, leadership and commitment, virtual audits, compliance and supply chain
SimpleQuE’s auditors have extensive training and experience and follow ISO 19011’s guidelines for conducting audits. Can you say the same for your auditors? Contact us for more information about training your internal auditors or outsourcing your audits.