Auditing Management System per ISO 19011
ISO 19011 is an international standard and serve as a guidelines for auditing management systems. The standard is targetted for organizations that need to conduct internal and/or external management system and manage audit programmes. The latest version of ISO19011 covers the principles of auditing the management system and how to conduct a the audit. ISO 19011 was first published in 2002 and it was used as a guideline for quality (ISO 9001) and/or environmental (ISO 14001) management systems auditing. Due to the recent development in most of QMS standard across various discipline, ISO 19011 has been updated to reflect those changes.
ISO 19011:2018 – Key Changes
The changes cover, among others, updated terminology, the application of the seventh principle of auditing, some alterations in clauses 5 to 7, newly added clauses and sub-clauses, as well as sections in Annex B
Changes in terminology:
The Terms and definitions section within ISO 19011:2018 has been revised. as a result of changes made in ISO 9000:2015 such as: audit, audit team, management system, and risk. The terms ‘documents and records’ have been replaced with ‘documented information’ and ‘suppliers’ has been replaced with ’external providers’, among others. Other than these, there are also new terms and definitions have been included. Example are as listed in the table below:
Changes in the principles of auditing:
The 2018 version, just like many other standard that has been introduced upon the ISO9001 :2015 version is the enhanced focus of "the risk-based approach" which considers risks and opportunities along the entire audit process. In order to ensure this is done thoroughly, the risk needs to be considered from the design of the audit programme up to the issuance of the audit report.
This principle has gelled together with the rest of the document structure, and significantly can be spotted in Section 5. Below are the illustration on how the audit process to be managed (taken from ISO19011)
Changes in the clauses of ISO 19011:2018
The clauses (5, 6, & 7) have seen some minor scale of adjustment. Section 7 emphasis has been added/changed by concentration the auditors’ competencies. Additionally, audit team leaders are expected to possess the competencies that enable him/her to discuss strategic issues with the top management. This requirement is further strengthened by the addition of Clause 6.4.5 : Audit information availability and access;
Changes in the Annexes of ISO 19011:2018:
There has been quite a significant changes with regard to annex since the additional sections have been embedded in Annex A. This time the emphasis is heavily placed on performance and results, process approach auditing concept, professional judgment on audit outcomes, the impact that organization could impose over the stages of its product and/or service lifecycle, and risk based thinking auditing as well as the opportunities. Other important addition include supply-chain auditing, auditing the role of leadership and their commitment and auditing compliance within a management system. This annex also contained examples of the knowledge and skills required to conduct audits in particular types of industries. The formerly known Annex B has now become Annex A.
The main changes in the ISO 19011:2018 standard include:
• Updated terms and definitions so as to be in line with the definitions used in other standards;
• The addition of the 7th principle of auditing (risk-based approach)
• Additional information on managing and planning the audit while adding risk based thinking and elaboration of the generic competence requirements for auditors.
• Additional sections on process approach, lifecycle, professional judgment, audit risks and opportunities, audit leadership and commitment.