How to audit with ISO 19011?

 

What is ISO 19011? What is the ISO audit standard for? What training is there on ISO 19011?

Many of the ISO standards are focused on providing the knowledge and tools that are needed to implement a management system in an organization. This system can be focused on quality (ISO 9001), information security (ISO 27001) or environmental management (ISO 14001), to name a few examples.

But who is responsible for ensuring that these systems are well implemented and working properly? Normally an internal audit is carried out to check if modifications or corrections should be made, and at this point the ISO 19011 standard would enter, one of the international standards developed by the International Organization for Standardization, focused on auditing management systems.

1. What is ISO 19011?

ISO 19011 consists of a series of guiding processes on how to conduct an audit program, as well as its planning and evaluation, and the competencies of the audit team. The objective of the audit is to help identify needs and conduct improvement activities.

This standard must be adapted to the type and size of the organization, as well as whether it is an individual or large-scale audit, internal or external, since what it provides are the guidelines to follow to perform the audit. ISO 19011 can be applied both to auditors, organizations that implement management systems and those that need to perform audits for contractual or regulatory relationships, or as a self-declaration, and for organizations that train auditors or certify people.

The latest version of this standard is ISO 19011:2018, which aims to make audit processes more effective in detecting deviations or deficiencies in management systems. This update allows companies to optimize the integration of their management systems, saving costs and efforts.

2. What is ISO 19011 about?

ISO 19011 deals with the audit of management systems, and covers both audit principles and program management, audit performance and evaluation. It includes the different types of audits that can be performed: product, process, or systems, as well as the principles that an audit must follow. These would be integrity, truthfulness, professional care, confidentiality, independence, and evidence.

Likewise, ISO 19011/2018 establishes the competences that the auditor must have and the guidelines to be followed to carry out internal or external audits.

3. What is ISO 19011 for?

One of the benefits of having ISO 19011 is that it gives a positive image of the organization, which translates into better credibility. It also allows you to be more effective and have more satisfied customers, make better decisions, and show commitment to continuous improvement.

For those who carry out the audit, it helps them to analyze the risks, manage the audit program, plan or design it, and know their functions and competencies. It also allows them to know how to detect deviations and write the audit report.

4. Courses on ISO 19011

The ISO 19011 standard allows auditing different management systems, and that is why many courses offer together the knowledge to implement a specific ISO standard (for example, quality, environment, or information security) and those of the ISO auditing standard, since it is part of the process of implementing a management system according to these international standards.

5. ISO 19011 standard vs. ISO 17021 standard

As there are so many ISO standards, it is normal that sometimes it is difficult to distinguish them. In this case, ISO 19011:2018 Guidelines for the audit of management systems is different from ISO 17021-2:2018 for conformity assessment. Requirements for bodies conducting audit and certification of management systems.

The main difference between the two is that the former provides guidelines for audits, while the latter sets out the requirements to be followed by accreditation bodies to assess certification bodies.