© FSAI John Coady Chief Audit Manager ISO 19011:2011 – Guidelines for Auditing Management Systems

ISO 19011:2011 – Guidelines for Auditing Management Systems


Page 1: ISO 19011:2011 – Guidelines for Auditing Management Systems

© FSAI

John Coady

Chief Audit Manager

ISO 19011:2011 – Guidelines for Auditing Management Systems

Page 2: ISO 19011:2011 – Guidelines for Auditing Management Systems


• The second edition (ISO 19011:2011) cancels and replaces the first edition (ISO 19011:2002), which has been technically revised

• Main differences are as follows:
  • Scope
  • Relationship between ISO 19011 and ISO/IEC 17021
  • Remote audit methods
  • Concept of risk
  • Confidentiality
  • Clauses 5, 6 & 7 reorganised
  • Annex B – additional information
  • Competence determination & evaluation process strengthened
  • Annex A – discipline-specific knowledge & skills
  • ISO public website (www.ISO.org/ISO19011Auditing)


Page 3: ISO 19011:2011 – Guidelines for Auditing Management Systems


Scope

• Scope has broadened to provide guidance on auditing management systems rather than auditing quality and environmental management systems

• Annex A illustrates the application of the guidance in Clause 7 (Competence and Evaluation of Auditors) to different disciplines

• Title of Standard amended in line with new scope

Page 4: ISO 19011:2011 – Guidelines for Auditing Management Systems


Relationship between ISO 19011 and ISO/IEC 17021

• Internal Auditing
  • Sometimes called First Party Audit

• External Auditing
  • Supplier Auditing: sometimes called Second Party Audit
  • Third Party Auditing: for legal, regulatory and similar purposes*

*See also the requirements in ISO/IEC 17021:2011

Page 5: ISO 19011:2011 – Guidelines for Auditing Management Systems


Remote Audit Methods

• Remote audit activities are performed at any place other than the location of the auditee, regardless of the distance - on-site activities are performed at the location of the auditee

• The feasibility of remote audit activities can depend on the level of confidence between auditor and auditee’s personnel

• It should be ensured that the use of remote and on-site application of audit methods is suitable and balanced, in order to ensure satisfactory achievement of audit programme objectives

Page 6: ISO 19011:2011 – Guidelines for Auditing Management Systems


Concept of Risk

• ISO 19011:2011 introduces the concept of risk to management systems auditing

• The approach adopted relates both to the risk of the audit process not achieving its objectives and to the potential of the audit to interfere with the auditee’s activities and processes

• ISO 19011:2011 does not provide specific guidance on the organisation’s risk management process, but recognises that organisations can focus audit effort on matters of significance to the management system

Page 7: ISO 19011:2011 – Guidelines for Auditing Management Systems


Confidentiality

New Principle of Auditing in Clause 4 – Confidentiality: security of information

• Auditors should exercise discretion in the use and protection of information acquired in the course of their duties

• Audit information should not be used inappropriately for personal gain by the auditor or the audit client, or in a manner detrimental to the legitimate interest of the auditee

• Concept includes the proper handling of sensitive or confidential information

Page 8: ISO 19011:2011 – Guidelines for Auditing Management Systems


Clauses 5, 6, 7 Reorganised

• Clause 5 - provides guidance on establishing and managing an audit programme, establishing the audit programme objectives, and coordinating auditing activities

• Clause 6 - provides guidance on planning and conducting an audit of a management system

• Clause 7 - provides guidance relating to the competence and evaluation of management system auditors and audit teams

Page 9: ISO 19011:2011 – Guidelines for Auditing Management Systems


Annex B - Removal of Help Boxes

• ISO 19011:2002 provided supplementary guidance or examples on specific topics in the form of practical help in boxed text. In some instances, this is intended to support the use of this International Standard in small organisations

• The help boxes have been removed in ISO 19011:2011:
  • Some information has been moved to new Annex B
  • Some information has been incorporated into the text
  • Some information is no longer included e.g. examples of audit programmes

• Annex B contains extra information e.g. additional guidance on conducting a document review

Page 10: ISO 19011:2011 – Guidelines for Auditing Management Systems


Competence Determination and Evaluation Process has been Strengthened

• Clause 7 provides guidance relating to the competence and evaluation of management system auditors and audit teams

• The evaluation should be conducted using two or more of the methods selected from those in Table 2 of Clause 7.4, i.e.
  • Review of records
  • Feedback
  • Interview
  • Observation
  • Testing
  • Post-audit review

• ISO 19011:2002 stated that evaluation should be undertaken using 1 or more of the methods above

Page 11: ISO 19011:2011 – Guidelines for Auditing Management Systems


Annex A - Discipline-Specific Knowledge & Skills

Illustrative example of discipline-specific knowledge and skills of auditors in:

• Transportation safety management
• Environmental management
• Quality management
• Records management
• Resilience, security, preparedness and continuity management
• Information security
• Occupational health and safety management

Page 12: ISO 19011:2011 – Guidelines for Auditing Management Systems


ISO Public Website

More information has been made available on an ISO public website (www.ISO.org/ISO19011Auditing).
