At the end of last year ISO published an updated edition of the ISO 19011 auditing standard which aims to help organisations to save money, time and resources by providing a uniform approach to multiple management system audits.
In today’s business environment, many organisations incorporate a number of management systems, such as quality, environmental, occupational health & safety and information security. As a result, these organisations want to harmonise and, where possible, combine the auditing of these systems.
Compared to the first edition of the standard published in 2002 which applied only to ISO 9001 (quality) and ISO 14001 (environment), the scope of ISO 19011:2011, Guidelines for auditing management systems, has been expanded to reflect current thinking and the complexities of auditing multiple management system standards (MSS).
The new standard aims to help user organisations to optimise and facilitate the integration of their management systems and, in facilitating a single audit of its systems, will streamline the audit processes, reduce duplication of effort and decrease disruption of work units being audited.
Specific attention is given to the implementation of the audit programme. By fully applying these guidelines, the prerequisites are provided to make auditing a crucial tool for top management to achieve the objectives of the organisation and add-value.
ISO 19011:2011 provides guidance on the conduct of internal or external management system audits, as well as on the management of audit programmes. Intended users of this International Standard include auditors, audit team leaders, audit programme managers, organisations implementing management systems, and organisations needing to conduct audits of management systems for contractual or regulatory reasons.
Alister Dalrymple, Convenor of the team that updated the guidelines, described the benefits which the new standard is expected to bring to users and the improvements made compared to the 2002 edition it replaces:
ISO 19011:2011 has been revised to provide auditors, organisations implementing management systems and organisations needing to conduct audits of management systems an opportunity to re-assess their own practices and identify improvement opportunities.
Compared to the 2002 version, the standard adds the concept of risk and recognises more explicitly the competence of the audit team and individual auditors. Also, the use of technology in remote auditing is acknowledged, for example, conducting remote interviews and reviewing records remotely.”
Another improvement is the clarification of the relationship between ISO 19011:2011 and ISO/IEC 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems. While those involved in management system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in this International Standard useful.
This post has been adapted from information published on the International Organisation for Standardisation website