ISO 19011:2011 provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams.
ISO 19011:2011 is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme.
The application of ISO 19011:2011 to other types of audits is possible, provided that special consideration is given to the specific competence needed.
Who can use ISO 19011:2011?
If your organization conducts internal or external audits of management systems, or if you manage an audit program, then ISO 19011 and the ANS version apply to you.
Anyone involved in audits or audit programs can use ISO 19011. More specifically, ISO 19011 is for people in charge of managing an audit program and evaluating individuals involved in the audit programs and audits. Anyone who has been tasked with improving an audit program will find ISO 19011:2011 of value.
What does ISO 19011:2011 accomplish?
ISO 19011 offers guidance on every step of auditing a management system or audit program, including:
- Defining program objectives
- Ensuring you understand the specific objectives you hope to achieve
- Making audit arrangements
- Assigning roles and responsibilities
- Defining number, scope, location, and duration of audits
- Determining criteria and specific checklists
- Establishing review procedures
- Completing the audits needed
- Planning and reviewing internal documents
- Collecting and verifying audit evidence
- Generating findings and preparing reports
- Communicating findings
- Reviewing the results and process
- Assessing results and trends
- Conforming with audit program procedures
- Evolving needs and expectations of interested parties
- Analyzing audit program records
- Examining effectiveness of the measures to address risks
- Ensuring confidentiality and information security