ISO 19011:2018 – Expected Changes

After the recent meeting of the international committee ISO/PC 302 JWG1, the revised ISO 19011—Guidelines for auditing management systems has become much clearer. Here’s an example of a change:

Risk-based approach:

This has been the most significant addition to ISO 19011 so far. The High Level Structure requires that planning be done based on the organization’s risks and opportunities (section 6.1), which in turn should be derived from the organizational context and its internal and external issues (sections 4.1 and 4.2). The current ISO 19011:2011 includes risk considerations only in relation to the actual audit program and individual audits, that is, the risks of not achieving the audit objectives and the risks to the auditee as a result of the audit activities. The revision makes a significant new addition to the text of ISO 19011, starting with the inclusion and definition of a new auditing principle:

“Risk-based approach is an audit approach that considers risks and opportunities. The risk-based approach should substantively influence the planning, conducting, and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit program objectives.”  

This addition in Section 5, Managing the audit program, suggests that consideration be given to the organization’s identified risks and opportunities and the actions taken to address them when preparing the audit program. While the High Level Structure requires internal audits “be conducted at planned intervals,” the new ISO 19011 suggests that audit priority should be given to allocating resources and methods to matters in a management system with higher inherent risk and lower performance. STAY TUNED…

