ISO 19011:2011 Published
Summary of the changes within ISO 19011:2011
Overview
ISO 19011 has been revised to provide persons involved in management system auditing with good audit practice guidance relevant to today’s environment, where many organizations operate a management system covering multiple disciplines, for example quality, environment, occupational health and safety, and information security.
The Principles of auditing on which the guidance is based have been revised and expanded to include the new principle of ‘Confidentiality – security of information’, which requires auditors to be prudent in the use and protection of information acquired in the course of their duties.
The main body of ISO 19011:2011 sets out good practice for Managing an Audit Programme and Performing an Audit. These sections have been updated to reflect current thinking and in parts expanded significantly. They provide detailed guidance intended to be used flexibly according to the size and level of maturity of an organization’s management system and the nature and complexity of the organization to be audited. The concept of risk in auditing is introduced. Some guidance is given on combined audits, where two or more management systems of different disciplines are audited together (e.g. EMS and OHSAS). The use of technology in remote auditing is also acknowledged, for example conducting remote interviews and reviewing records remotely. Although significantly rewritten, the overall approach to managing an audit programme and planning and conducting audits described in these two sections is consistent with the previous issue and with the requirements of ISO 17021:2011.
Changes have been introduced in the guidance on Competence and evaluation of auditors. As would be expected given that ISO 19011:2011 addresses auditing of management systems covering multiple disciplines, some of these are wide-ranging. The significant changes include:
ISO 19011:2011 identifies that necessary auditor competence comprises generic knowledge and skills of management systems, plus discipline (e.g. EMS) and sector (e.g. aerospace) knowledge and skills. Annex A (informative) gives examples of discipline-specific knowledge and skills of auditors, including:
Transportation safety management
Environmental management
Quality management
Records management
Resilience, security, preparedness and continuity management
Information security
Occupational health and safety
No guidance is given on sector-specific knowledge and skills of auditors. These may be developed later and published separately.
ISO 19011:2002 gave guidance on education, work experience, auditor training and audit experience that contribute to development of the knowledge and skills needed to perform audits and lead audit teams. ISO 19011:2011 also gives guidance on knowledge and skills of management system auditors and an audit team leader but no longer makes reference to auditors having completed education, work experience, auditor training and audit experience.
This change recognises that education, work experience, training and audit experience are enablers to competence, which ISO 19011:2011 and ISO 17021:2011 define as ‘ability to apply knowledge and skills to achieve intended results’. Also, ISO 19011:2011 and ISO 17021:2011 recognise that competence needs to be evaluated, which can be done in a variety of ways, for example a combination of testing and examination, interview and observed audits.