In autumn 2018 the international standard with guidelines for management system auditing was updated. This has implications to all auditors at all levels who are now expected to reflect a new approach to auditing
The ISO 19011:2018 – Changes include:
- updates in terminology, ensuring better consistency across standards and recognising some of the new approaches to risk-based auditing
- the addition of a new, seventh, principle of auditing,
- minor alterations in clauses 5 to 7 on developing auditing programmes and how competences of auditors will be defined
Changes in terminology:
Within the revision of the Terms and Definitions section, the revision includes:
- the inclusion of the most important terms and definitions of ISO 9000:2015 such as: audit, audit team, management system, and risk. Note that there is now evidence to objective evidence and that it will be assessed objectively
- the terms ‘documents and records’ have been replaced with ‘documented information’ and
- ‘suppliers’ has been replaced with ’external providers’.
Clause changes – ISO 19011:2018
The clauses (5, 6, & 7) within ISO 19011:2018 have undergone a complete update and re-organisation to reflect Annex SL structures and the updates to ISO 9001 etc. Core to the changes is the consideration of a risk-based approach to auditing (the new, seventh, principle of auditing)– this means considering risks when developing the audit programme as well as when collecting evidence during an audit. Auditors now should be asking themselves if risks have been identified and that they are being effectively managed within the scope of every audit they complete.
Auditor competencies has been updated in Section 7 which covers the overall competence of the audit team for each individual audit. This includes expectation on knowledge and skills as well as achieving competence through experience and by audit delivery.
Importantly, from now on, audit team leaders are expected to possess the competencies to discuss strategic issues with the top management. This will also have to be demonstrated during Certification Body Audits.
A new Annex A (which contains much that was in the old Annex B) provides further supporting information on a wide range of issues that will be of use to the auditor. This includes human interaction (how auditors conduct interviews and get the best information from people, professional judgement (which partly comes from experience) and how we verify the information and evidence collected in the audit process.
To Summarise, the main changes in the ISO 19011:2018 standard include:
- Updated terms and definitions so as to be in line with the definitions used in other standards;
- The addition of the 7th principle of auditing – risk-based approach;
- Additional information on managing an audit programme, including audit planning, audit programme risk, conducting an audit, elaboration of the generic competence requirements for auditors;
- Expansion of Annex B (now Annex A), including the additional sections on process approach, lifecycle, professional judgment, audit risks and opportunities, audit leadership and commitment use of information and communication technologies during auditing virtual activities
“The focal point of the new version of the standard is the consideration of evolving technologies and the increased focus on risk.” Auditor Training now becomes more important to your organisation than ever before….