ISO 19011 2011 Plain English Introduction


ISO 19011 2011 is a standard for auditing management systems.
It was developed by ISO Technical Committee 176, Subcommittee 3.
ISO/TCC176176 is responsible for "quality management and quality
assurance" and SC 3 is responsible for "supporting technologies".

The official name of this standard is ISO 19011:2011 Guidelines
for auditing management systems
. They're referred to as guidelines
because they’re voluntary. They’re not requirements or contractual
obligations. These guidelines can be found in the following four

4. Audit Principles
5. Audit Program
6. Audit Activities
7. Auditor Competence

Part 4 outlines the principles that are (or should be) the foundation
of management system auditing. They define the essential nature
of auditing and should therefore influence how audit programs
are designed, how audit activities are carried out, and how
auditor competence is evaluated.

Part 5 explains how management system audit programs are
designed and managed. It discusses how program objectives are
established and how audit programs are developed, implemented,
monitored, reviewed, and improved.

Part 6 explains how audit activities are planned and performed.
It discusses how audits are initiated, how auditors prepare for
audits, how they carry out audits, how audit results are
reported, and how audits are completed.

Part 7 explains how the competence of management
system auditors is evaluated. It discusses how competence
requirements are defined, how auditor evaluation criteria are
developed, how auditor evaluation methods are selected,
and how competence is evaluated and improved.

ISO 19011 2011 vs ISO 19011 2002

ISO first published this standard in 2002. This second edition
was published on November 15, 2011. It cancels and replaces
the first edition. If you compare the first and the second edition,
you'll notice some important differences.

New Scope. Perhaps the biggest difference relates to the
scope of the standard. The old standard applied only to quality
and environmental management systems. The new standard
now applies to all types of management systems.

New Focus. There are two auditing standards that apply to
management systems: ISO 19011 2011 and ISO IEC 17021 2011.
The relationship between these two standards has now been
clarified. ISO 19011 2011 applies to first and second party
audits while ISO 17021 2011 applies to third party audits.

New Principle. The standard now wants you to care about
confidentiality and information security. It wants you to handle
information with due care and discretion. It wants you to protect
information that is sensitive or confidential. In general, it now
wants you to be careful about how you and your clients manage
information acquired during the course of an audit.

New Concept. The new standard now wants you to think about
risk. It now expects you to consider the risks that could affect the
achievement of audit program objectives. It also suggests that you
allocate audit program resources so that more significant matters
receive priority. Adding more resources to more important matters
is called risk-based auditing.

New Method. The new standard now asks you to consider
using remote audit methods in addition to onsite audit methods.
Remote audit methods are carried out away from the auditee's
physical location. They include long distance interviews and
the use of interactive electronic communications.

New Annexes. Finally, the standard now has two annexes. Annex A
describes the type of knowledge and skill that management system
auditors should have and Annex B is designed to help auditors to
plan and perform their work.

ISO 19011 2011 has also been rewritten, reorganized, and
expanded. And because it's a new standard, many sections
have been strengthened and improved.

ISO 19011 2011 vs ISO IEC 17021 2011

The following table will show how the ISO 19011 and ISO IEC 17021
standards are related. As you can see, ISO 19011 should be used if
you're interested in first or second party audits and ISO IEC 17021
should be used if you're interested in third party audits.






ISO 19011

ISO 19011

ISO IEC 17021

audit themselves.

Customers audit
their suppliers.
Regulators and
other interested
parties audit


bodies and
regulators audit


Organizations use first party audits to audit their own performance.
First party audits are used to confirm or improve the effectiveness of
management systems. They're also used to declare that an organization
complies with a standard (this is called a self-declaration).

Second party audits are external audits. They’re usually done by
customers (or by others on their behalf) when they wish to audit their
suppliers. However, they can also be done by regulators or any other
external party that has a formal interest in an organization.


As the previous table shows, ISO 19011 2011 should
be of interest to both internal and external auditors.

Use ISO 19011 if:

  • You need to improve your audit process.
  • You need to develop your own audit program.
  • You need to train management system auditors.
  • You need to manage and control audit activities.
  • You need to do audits to comply with contracts.
  • You need to certify management system auditors.
  • You need to evaluate the competence of auditors.
  • You need to audit your own management systems.
  • You need to make a self-declaration of compliance.
  • You need to carry out audits for regulatory reasons.
  • You need to audit your supplier's management system.

Use ISO 19011 if you audit:

  • Risk management systems
  • Safety management systems
  • Health management systems
  • Quality management systems
  • Energy management systems
  • Service management systems
  • Disaster management systems
  • Records management systems
  • Document management systems
  • Emergency management systems
  • Food safety management systems
  • Sustainability management systems
  • Environmental management systems
  • Business continuity management systems
  • Information security management systems
  • Transportation safety management systems
  • Supply chain security management systems
  • Organizational resilience management systems
  • Occupational health and safety management systems

ISO 19011 can be used by any organization no matter what
size it is or what it does. It can be used by both public and private
organizations and by groups, associations, and enterprises of all
kinds. It is not specific to any sector or industry and can be used
to improve any audit process.

However, exactly how you apply ISO 19011 is up to you and will
depend on your organization’s needs, objectives, and challenges,
and should reflect what it does and how it operates


ISO 19011 2011 has two Annexes. Plain English versions
of this material can be found at the end of this publication.

According to ISO 19011, auditors need to have discipline-specific
and sector-specific knowledge and skill in order to be able to audit
specialized management systems and sectors, to evaluate auditees'
activities, processes, and products, and to generate appropriate audit
findings and reach valid conclusions. Annex A describes the type of
knowledge and skill that management system auditors need to have.
Use this material to help you select and evaluate your auditors.

Annex B will help management system auditors to plan and perform
their work. It discusses audit methods, document reviews, audit
sampling, working papers, information sources, onsite visits,
audit interviews, and audit findings


Plain English Auditing Definitions

Brief Overview of Auditing Standard

ISO 19011 2011 Audit Assessment Tool

ISO 19011 2011 Translated into Plain English

Annex A: Knowledge and Skills Auditors Should Have

Annex B: Planning and Performing Management System Audits

Updated on November 30, 2013. First published on May 24, 2012.

Home Page

Our Libraries

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited   780-461-4514

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2012 - 2013 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited