ISO 19011 is a standard that establishes auditing guidelines for management systems. The standard provides recommendations on how to manage an audit programme, auditing principles, and the evaluation of personnel in charge of audit programmes. An audit programme entails making plans to execute all of the individual audits required to meet a specified goal.

ISO 19011:2018 gives useful guidance on how to systematically enhance an audit programme, just as other departments in an organisation are expected to do. Continuously ensuring that the audit programme objectives are in line with the management system policies and objectives is one part of such improvement. Customers and other interested stakeholders should be considered when organisations push for auditing improvements.

The concept of risk is becoming increasingly important in auditing management systems and in business in general. Risk has been integrated throughout the audit programme management portion of the ISO 19011:2018 standard since the 2011 revision.

WHY SHOULD ISO 19011:2018 BE USED?


ISO 19011 and the ANSI version apply to you if your company conducts internal or external audits of management systems, or if you manage an audit programme.

ISO 19011 can be used by anyone participating in audits or audit programmes. ISO 19011 is for persons who are in charge of managing audit programmes and evaluating personnel who participate in audit programmes and audits. ISO 19011:2018 is likely to be useful to anyone entrusted with developing an audit programme.

What is the purpose of ISO 19011:2018?

ISO 19011 provides recommendations on how to audit a management system or audit programme at every stage, including:

  • 1. Defining program objectives
  • Ensuring you understand the specific objectives you hope to achieve
  • Making audit arrangements
  • Assigning roles and responsibilities
  • Defining number, scope, location, and duration of audits
  • Determining criteria and specific checklists
  • Establishing review procedures

  • 2. Completing the audits needed
  • Planning and reviewing internal documents
  • Collecting and verifying audit evidence
  • Generating findings and preparing reports
  • Communicating findings

  • 3. Reviewing the results and process
    • Assessing results and trends
    • Conforming with audit program procedures
    • Evolving needs and expectations of interested parties
    • Analyzing audit program records
    • Examining effectiveness of the measures to address risks
    • Ensuring confidentiality and information security