ISO 19011 is an international standard that mentions guidelines for auditing management systems. ISO 19011 was first published in 2002. ISO 19011:2002 standard was used as a guideline standard for quality and/or environmental management systems auditing. Since then a number of management system standards have increased, so there was a need to have a common approach to audit management systems. Accordingly, in 2011 the standard was revised and ISO 19011:2011 was published as a guideline standard for auditing management systems. Again in 2018, the standard has again been revised and ISO 19011:2018 has been published as guideline standard for auditing management systems.
The new standard, ISO 19011:2018, has undergone a number of changes. These changes are summarised as under:
(i) Updates and changes in terminology
Most of the terms and definitions in ISO 19011:2018 are sourced from ISO 9000:2015 QMS standard with some modifications.
The terms 'document', 'documentation' and 'records' (please refer to clause 6.3.1 and clause 6.3.4 of ISO 19011:2011 standard) have been replaced with the term 'documented information' (please refer to clause 6.3.1 and clause 6.3.4 of ISO 19011:2018 standard), but at many places (please refer to clause 5.5.7 of ISO 19011:2018 standard) the term 'records' has also been used. Instead of the term 'suppliers', ISO 19011:2018 standard has used the term 'external providers' (please refer to the 'introduction' part of the standard).
ISO 19011:2018 standard in its clause 3 has included a few new terms and definitions, such as, combined audit (3.2), joint audit (3.3), objective evidence (3.8), requirement (3.23), process (3.24), performance (3.25) and effectiveness (3.26).
Clause 3 of ISO 19011:2011 has defined a term 'guide' (3.12), but this term is not defined in clause 3 of ISO 19011:2018, however the term 'guide' has been used in the standard guidelines (please refer to clause 6.4.2 of ISO 19011:2018 standard.
ISO 19011:2018 standard refers to ISO online browsing platform (link - https://www.iso.org/obp) that provide terminological databases for use in standardization.
(ii) Addition in the principles of auditing
There are six principles of auditing in ISO 19011:2011 standard. ISO 19011:2018 standard has seven principles of auditing with the addition of a new auditing principle - 'the risk-based approach' that considers risks and opportunities during the planning, conducting and reporting phases of the audit. Although the previous version, ISO 19011:2011 standard, suggests taking into consideration of a risk-based approach (please refer to its clause ), but it did not provide clear guidelines. Thus the new standard, ISO 19011:2018, places emphasis on risks and opportunities.
(iii) Changes in the clauses
The clauses 5, 6 and 7 have undergone a few changes and ISO 19011:2018 introduced a new clause 6.4.5 - audit information availability and access.
(iv) Emphasis on auditor competence
The new standard places emphasis on auditor competence. Generic competence requirements for auditors have been expanded in clause 7 of ISO 19011:2018 standard.
(v) Additional guidance on managing an audit programme
Additional guidance for determining and evaluating audit programme risks and opportunities is provided in clause 5.3 of ISO 19011:2018 standard.
(vi) Additional guidance on conducting an audit
A new clause 6.4.5 - audit information availability and access - has been introduced in ISO 19011:2018 standard.
(vii) Changes in Annex
Annex A 'Guidance and illustrative examples of discipline-specific knowledge and skills of auditors' of ISO 19011:2011 has not been included in ISO 19011:2018 standard. Annexe B 'Additional guidance for auditors for planning and conducting audits' of ISO 19011:2011 is now Annex A of ISO 19011:2018, which has been expanded with the additional sections on process approach to auditing (A.2), professional judgement (A.3), performance results (A.4), verifying information (A.5), auditing compliance within a management system (A.7), auditing context (A.8), auditing leadership and commitment (A.9), auditing risks and opportunities (A.10), life cycle (A.11), audit of supply chain (A.12), and auditing virtual activities and locations (A.16).
Thus, we notice that the new version of the standard considers evolving technologies and more focus on risks and opportunities.
Best wishes,
Keshav Ram Singhal
No comments:
Post a Comment