Preparing for an Integrated Management Systems Audit: ISO 19011:2011

Audit, Compliance Management, ISO Standards

The ISO 19011:2011 standard outlines the process for auditing an integrated management system.

This includes:

  1. The principles of auditing
  2. Managing an audit programme
  3. Advice on conducting an audit on a management system

It also advises on the assessment of individuals involved in the audit process including the lead auditor and audit team.

This standard is applicable to all organisations that need to conduct internal or external audits of management systems.

This aim of ISO 19011 is to save time, effort and money by:

  • Securing agreement on the goals for individual audits within an audit programme.
  • Reducing duplication when conducting audits
  • Ensuring audit reports follow the best format and contain all the relevant information
  • Evaluating the competence of the members of the audit team against appropriate criteria

Types of audits:

  • First party: Internal – the organisation audits its own systems. This measures the strengths and weaknesses of the management system against the system requirements.
  • Second party: Supplier – audits of other facilities. One organisation audits the another with which it has a contract to supply goods and services.
  • Third party: Certification – independent of the organisation being audited. This verifies compliance with specific standards.

The Principles of Auditing:

The principles of auditing ensure that an audit is an effective and reliable tool in support of management policies and controls, by providing information on which an organization can act in order to improve its performance.

The principles outlined by ISO 19011:2011 include:

  1. Integrity
  2. Fair presentation
  3. Due professional care
  4. Confidentiality
  5. Independence
  6. Evidence-based approach

Managing an Audit Programme:

An organization which needs to conduct audits should establish an audit programme. This will determine the effectiveness of the management system. The magnitude of the audit programme should be based on the size and nature of the organisation being audited, as well as the functionality, complexity and level of maturity of the management system which is subject to the audit.

Priority should be given to allocating programme resources to auditing the issues of significance within the company such as hazards related to health and safety, key characteristics of product quality or significant environmental aspects.

The audit programme should include information and resources necessary to organise and conduct audits effectively and efficiently within the specified time frame. Typical of the information to be included in the programme is the following:

  • Objectives for the programme and individual audits
  • Schedule of audits
  • Audit procedures or protocols
  • Audit criteria
  • Audit methods
  • Selection of audit teams
  • Logistics such as travel and accommodation
  • Processes for handling confidentiality, information security etc.

Conducting an Audit:

When an audit is initiated, responsibility for conducting the audit resides with the assigned audit team leader until the audit is completed.

Pre-audit activities may include:

Audit2

ISO 19011 pre-audit activities


Audit activities will include:

activities

ISO 19011 audit activities


Post-audit activities include:

post

ISO 19011 post-audit activities

The next blog in this series will focus on pre-audit activities.

Sources:

ISO 19011:2011 Full Standard: http://www.cnis.gov.cn/wzgg/201202/P020120229378899282521.pdf

ISO 19011:2011 Overview: http://www.iso.org/iso/catalogue_detail?csnumber=50675

Audit types: http://www.aatb.org/files/Audit%20Types%20presentation%20-%20Sue%20Brewster.pdf

Tags
Integrated Management Systems , ISO 19011 , Preparing for an audit
Related Posts
ISO 14001 – Clause 6.1.1 Actions to address risks and opportunities ISO 14001 – Clause 5.2: Environmental Policy ISO 14001:2015 and the Process Approach ISO 14001 – Clause 4.4: Environmental Management System ISO 14001 – Clause 4.3: Determining the scope of the Environmental Management System Implementing ISO 45001:2018 – Our Experience History of Health & Safety in the UK Auditing Standard ISO 19011 Reaching New Heights with Revision Integrated Management Systems: Benefits and Constraints A Deeper Look at ISO 45001
Request a Demo  
Request a Demo

See Pegasus in action

The best way to understand what Pegasus can do for you, is to see it in action. Request a demo and one of our consultants will set-up a quick online tailored demo to run through the relevant aspects of the service.
  • This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.