ISO
19011 2011 is a management system auditing standard.
If you
need to carry out first or second party audits, this standard is for you. First party audits are internal audits. They're used to confirm or improve the effectiveness of management systems. They're also used to declare that an organization complies with a standard. Second party audits are external audits. They are usually done by customer organizations or by others on their behalf when they wish to audit their suppliers. However, they can also be done by regulators or any other interested party. ISO 19011 2011 can also be used to establish a new audit program, to enhance the effectiveness of an existing program, or to improve auditing practices and processes. You can also use it to train and certify auditors and to evaluate and improve their competence. |
4. Audit PrinciplesA. Have integrity and be professional. Comply with all applicable legal requirements.
Withstand the pressures that may be exerted and the B. Present fair and truthful results. Make sure that audit results are fairly presented. Make sure that important concerns are reported. C. Exercise due professional care. Perform auditing tasks with due care and diligence. Make reasoned judgments in all audit situations. D. Care about confidentiality. Care about confidentiality and information security. Handle information with due care and discretion. Protect information that is sensitive or confidential. E. Be independent and impartial. Be independent of the activities being audited. Be impartial and always be free of bias. F. Use an evidence-based approach. Use
an evidence-based approach to reach |
5. Audit Program5.1. Create your audit program (or programme). Establish a management system audit program. Use
your audit program to evaluate the overall
Monitor and measure the implementation
Review your management system audit program 5.2. Set your program objectives. Ensure that audit program objectives are established.
Make sure that your audit program objectives support
Consider all relevant information when you Use
program objectives to ensure that your audit Use program objectives to direct audit planning. Use program objectives to direct audit activities. 5.3. Establish your audit program. 5.3.1. Perform audit program management tasks. Clarify the extent of your audit program. Define auditors roles and responsibilities. Develop procedures to manage audit program. Determine the resources that program needs. Implement and apply your audit program. Establish records for your audit program. Monitor your management system audit program. Review your management system audit program. Improve your management system audit program. Discuss your audit program with top management. 5.3.2. Clarify managers competence requirements. Make sure that your audit manager is competent.
Make sure that
audit manager has the competence
Make sure that your
audit manager has the Ensure that audit manager continues to be competent.
Ensure that audit manager continues to carry out 5.3.3. Specify the extent of your audit program.
Establish the extent of your management Consider the nature of your audits. Consider the nature of your audit criteria. Consider the nature of the auditee organization. Consider the nature of the systems being audited. Consider the nature and results of previous reviews. 5.3.4. Consider potential audit program risks.
Consider the risks that could potentially affect the Identify and evaluate program planning risks. Identify and evaluate program resource risks. Identify and evaluate program staffing risks. Identify and evaluate program implementation risks. Identify and evaluate program record keeping risks. Identify and evaluate program monitoring risks. Identify and evaluate program review risks. 5.3.5. Develop procedures to manage program.
Establish procedures to manage and control
Use procedures to manage and control 5.3.6. Identify program resource requirements. Identify financial resource requirements. Identify methodological resource requirements. Identify technological resource requirements. Identify human resource requirements. 5.4. Implement your audit program. 5.4.1. Apply your unique audit program.
Communicate and
share pertinent information Define objectives for each individual audit. Coordinate and control program activities. Appoint competent audit team members. Provide needed resources to audit teams. 5.4.2. Define the focus of each individual audit.
Define and document the objectives Define and document the scope of each audit.
Define and document the criteria
that 5.4.3. Select methods for each individual audit.
Select and
determine the methods that
Make sure that all audit managers agree on audit 5.4.4. Appoint personnel for each individual audit. Appoint audit team members for each separate audit. Appoint an audit team leader for each separate audit. Appoint technical experts for each separate audit. 5.4.5. Assign responsibility for individual audits.
Assign responsibility for an individual
Give the audit team
leader enough time to plan the
Give the audit team leader the information that 5.4.6. Manage your audit program outcomes.
Ensure that audit program outcomes Ensure that audit findings are evaluated. Ensure that root cause analyses are reviewed. Ensure that remedial actions are reviewed. Ensure that audit reports are reviewed. 5.4.7. Establish and maintain audit records.
Ensure that audit program records
Ensure that a record of each individual
Ensure that audit personnel records 5.5. Monitor and modify your program. Monitor the implementation of your program.
Modify your audit program whenever 5.6. Review and improve your program. Review your management system audit program. Summarize your results and report to top management. Improve your management system audit program. |
6. Audit Activities6.1. Manage your audit activities.
Perform audit activities that comply with your 6.2. Initiate your audit activities. 6.2.1. Conduct and control audit activities.
Make sure that an audit
team leader
Make sure that audit team leaders 6.2.2. Establish initial contact with auditee. Establish communications with the auditee. Confirm your agreement with the auditee. Share information with the auditee. Gather information about the auditee. Request access to documents and records. Make arrangements to conduct the audit. 6.2.3. Determine the feasibility of the audit.
Make sure that you are reasonably confident
Make sure that you have everything you 6.3. Get ready for your audit. 6.3.1. Perform document review. Select management system documentation for review. Review auditees management system documents. Gather information to prepare for audit activities. Establish an overview of system documentation. 6.3.2. Develop your audit plan. 6.3.2.1 Study source documents. Allocate audit planning responsibility to team leader. Consider how you plan to conduct your audit. Think about how you intend to use your audit plan. 6.3.2.2 Prepare official audit plan. Prepare your management system audit plan. Discuss your audit plan with the audit client. Present your audit plan to the auditee. 6.3.3. Assign work to audit team members.
Consult with audit team members before Assign roles and responsibilities to each auditor.
Hold team meetings or briefings whenever work 6.3.4. Prepare audit working papers. Prepare appropriate audit working papers. Use working papers to collect audit information. Control your audit working papers and records. Review your audit working papers and records. 6.4. Carry out your audit. 6.4.1. Establish audit sequence. Conduct your opening audit meeting. Review auditees documents during your audit. Communicate with participants during the audit. Assign responsibilities to guides and observers. Collect and verify information during the audit. Develop and document your audit findings. Discuss and prepare audit conclusions. Present audit findings and conclusions. 6.4.2. Conduct opening meeting. Plan your opening meeting. Hold your opening meeting. Introduce all participants. Discuss communication channels. Describe how the audit will be conducted. Clarify your approach to risk management. Explain how audit findings will be reported. Confirm that support services will be available.
Specify the conditions that could cause
Identify feedback
systems that the auditee 6.4.3. Perform document review. Review relevant documents provided by the auditee. Decide whether or not documents are adequate. Use document review to gather relevant information. Consider reviewing documents throughout the audit. 6.4.4. Communicate during audit.
Consider establishing formal communication Communicate with audit team members. Communicate with auditee and audit client. Communicate with external agencies (as required). 6.4.5. Assign guides and observers.
Consider asking or allowing guides
and
Assign roles and responsibilities 6.4.6. Collect and verify information. Select your information gathering methods. Collect information to support your audit findings. Record evidence used to establish audit findings. Address unusual evidence discovered during audit. 6.4.7. Generate your audit findings.
Establish audit
findings by evaluating your audit
Discuss your audit findings with audit team 6.4.8. Prepare your audit conclusions. Review audit findings and other related information. Discuss and consider your audit conclusions. Formulate and document your audit conclusions. Prepare recommendations (if audit plan requires it). Consider audit follow-up (whenever this is applicable). 6.4.9. Present findings and conclusions. Plan your closing meeting. Hold your closing meeting. Explain your audit methods. Present your audit findings. Describe your audit conclusions. Make recommendations (if appropriate). Discuss diverging opinions (if any). Develop a post-audit action plan. 6.5. Report your audit results. 6.5.1. Prepare your audit report. Consider reporting options and plan your audit report. Prepare your management system audit report. Include or refer to your audit objectives. Specify or refer to the scope of your audit. Identify or refer to sponsors and participants. Mention or refer to your audit agenda. Discuss or reference your audit criteria. Present or refer to your audit findings. Document or refer to your audit conclusions. 6.5.2. Distribute your audit report.
Finalize your
management system audit report in
Distribute your
management system audit report in 6.6. Complete your audit. Verify that your audit has been completed. Protect audit documents and related information. Keep a record of lessons learned during the audit. 6.7. Follow-up on your audit. Consider whether remedial actions should be taken. Ask auditee to provide remedial action status reports. Verify that remedial actions were actually taken. |
7. Auditor Competence7.1. Establish an auditor evaluation process. Develop a process to evaluate audit team members. Plan the evaluation of your audit team members. Evaluate the competence of audit team members. Maintain the competence of audit team members. Improve the competence of audit team members. 7.2. Define auditor competence requirements. 7.2.1. Consider the work that auditors need to do.
Consider the work your auditors are Consider the nature of your audit program. Consider the organizations to be audited Consider the management systems to be audited. Consider the requirements that must be met. 7.2.2. Be a professional and have good character.
Behave in a professional manner and exhibit good Be ethical (be truthful and honest). Be versatile (be adaptable and flexible). Be perceptive (be attentive and watchful). Be receptive (be willing to learn and improve). Be observant (be aware of your surroundings). Be collaborative (be capable of working with others). Be open-minded (be willing to consider alternatives). Be decisive (be able to draw timely conclusions). Be tenacious (be persistent and focused). Be self-reliant (be able to act independently). Be diplomatic (be tactful and try to be discreet). Be respectful (be sensitive to the auditee's culture). 7.2.3. Possess appropriate knowledge and skills. 7.2.3.1 Possess knowledge needed to achieve results.
Possess the
knowledge and skill that you need in
Possess the knowledge and skill that you need 7.2.3.2 Possess necessary generic knowledge and skills. A. Have generic auditing knowledge and skills.
Possess the knowledge and skill that you need Be able to plan audits and organize work. Be able to collect appropriate information. Be able to prioritize and focus on important matters. Be able to understand and use auditing knowledge. Be able to understand and consider expert opinion. Be able to verify accuracy of information collected. Be able to use working papers to record activities. Be able to evaluate the adequacy of audit evidence. Be able to meet confidentiality and security needs. Be able to document findings and conclusions. Be able to communicate clearly and effectively. Be able to stay on schedule and finish on time. Be able to prepare appropriate audit reports. Be able to comprehend auditing risks. B. Have management system knowledge and skills.
Possess the knowledge and skill that will ensure Understand and know how to use audit criteria.
Understand how management system standards
Understand management system components Understand all relevant reference documents. C. Have organizational knowledge and skills.
Possess the
knowledge and skill that will ensure that Understand organizational types and functions. Understand general business concepts and terms. Understand cultural and social characteristics. D. Have relevant legal knowledge and skills.
Possess the
knowledge and skill that will ensure that Understand relevant legal jurisdictions. Understand relevant governing agencies. Understand relevant legal concepts. Understand relevant laws and regulations. 7.2.3.3 Possess specialized auditing knowledge and skills.
Possess the discipline-specific and sector-specific Understand management system concepts. Understand legal requirements and obligations. Understand the expectations of interested parties. Understand discipline-specific fundamentals. Understand risk management methodologies. 7.2.3.4 Possess team leadership knowledge and skills.
Possess the
additional management and leadership Understand how to manage the audit process. Understand how to communicate with people.
Understand how to
balance the strengths and
Understand how to
develop harmonious working
Understand how to help audit team
Understand how to prepare and complete 7.2.3.5 Possess multidisciplinary knowledge and skills.
Possess the
discipline-specific competence that you
Possess the
competence needed to audit at least 7.2.4. Get appropriate auditing knowledge and skills.
Use formal education to acquire needed sector-specific
and
Use practical
training services to acquire the
Use work experience
to acquire general technical, 7.2.5. Encourage team leaders to get experience.
Acquire additional audit experience by working 7.3. Develop auditor evaluation criteria. Select qualitative auditor evaluation criteria. Select behavioral and character based criteria. Select knowledge and skill based criteria. Select quantitative auditor evaluation criteria. 7.4. Select auditor evaluation methods. Select two or more auditor evaluation methods. Consider using record reviews to evaluate auditors. Consider using feedback to evaluate auditors. Consider using interviews to evaluate auditors. Consider using observation to evaluate auditors. Consider using audit reviews to evaluate auditors. Consider using testing to evaluate auditors. 7.5. Evaluate the competence of auditors. Evaluate your management system auditors.
Compare the information collected about the auditor
Help auditors to improve whenever they fail to Encourage auditors to get more training. Encourage auditors to get more experience. 7.6. Maintain and improve auditor competence.
Maintain and continually improve the competence
Update your
professional development activities
Establish suitable evaluation mechanisms that you |
Updated on March 20, 2021. First published on May 24, 2012.
Praxiom Research Group Limited help@praxiom.com 780-461-4514 |
Legal
Restrictions on the Use of this Page Copyright © 2012 - 2021 by Praxiom Research Group Limited. All Rights Reserved. |