ISO 19011:2018 - Auditing Management Systems Guidelines

A new standard revision, ISO 19011:2018 – Guidelines for auditing management systems, has been released.

Harmonizing ISO Management Systems Standards

ISO management systems standards are nothing new. In fact, ISO 9001 dates back to 1987, but has, of course, seen numerous revisions to keep it current. Today, beyond quality management, over 70 management system standards cover the vast array of issues associated with safety and compliance, from environmental management to adventure tourism.

However, changes made to harmonize the assortment of ISO management system standards over the past several years have been substantial. Beginning with the publication of ISO 9001:2015, many alterations made to management system standards have gravitated towards the shared High Level Structure, identical core guidelines, and common terms and definitions. Furthermore, these standards have undergone revisions emphasizing the importance of risk management and the involvement of top management.

Changes to ISO 19011:2018

Because of these widespread adjustments, ISO 19011:2018, the standard detailing guidance on the auditing of management systems, was in need of a revision. Management system standards often become the benchmark for the system they detail, but further guidance is helpful. Auditing can provide an objective look at an organization’s management system processes, leading to results that may provide input in analyses and help identify areas for improvement.

Since it needs to consider a broader approach to management system auditing in response to the numerous updates to the many ISO management system standards, ISO 19011:2018 was revised with the following changes from the second edition of the same standard:

A risk-based approach to the principles of auditing has been added.
Guidance on managing an audit program has been expanded, specifically on auditing program risk.
Guidance on conducting an audit has been expanded, particularly the section on audit planning.
Generic competence requirements for auditors has been expanded.
Terminology has been adjusted to reflect the process and not the object.
The informative annex on “Guidance and illustrative examples of discipline-specific knowledge and skills of auditors” (Annex A in ISO 19011:2011) has been removed. The rationale for this is that, due to the large number of individual management system standards, it would be impractical to include competence requirements for all disciplines.
Annex A, “Additional guidance for auditors planning and conducting audits” (Annex B in ISO 19011:2011), has been expanded to provide guidance on auditing concepts such as organization context, leadership and commitment, virtual audits, compliance, and supply chain.

About ISO 19011

With these improvements, ISO 19011:2018 still details the principles of auditing, managing an audit program, and conducting management system audits. It also details guidance on evaluating the individuals managing the audit program, auditors, and audit teams.

In accordance with ISO 19011:2018, an audit can be conducted against the guidelines defined in management system standards, the needs of interested parties, statutory and regulatory requirements, quality plans, and/or other audit criteria.

Audits can be internal (first party), conducted by external providers and other external interested parties (second party), or for certification or by regulatory bodies (third party). ISO 19011:2018 is applicable to all organizations that need to plan and conduct internal or external audits or management systems or manage an audit program.

Furthermore, ISO 19011:2018, like its predecessors, is applicable to organizations of all types and sizes and audits of varying scopes and scales.