Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à ISO 19011 Revision
Similaire à ISO 19011 Revision (20)
Plus de Qualsys Ltd
Plus de Qualsys Ltd (20)
Dernier
Dernier (20)
ISO 19011 Revision
- 1. ISO 19011 REVISION Why is the standard being revised? What do you need to know now? Questions & further information Auditing Management Systems Emily Hill Marketing Executive, Qualsys Richard Green Founder & MD, Kingsford Consultancy Services
- 2. ISO 19011 OVERVIEW 1) Principles of auditing 2) Managing an audit program 3) Conducting of management system audits 4) Evaluation of competence of individuals involved in the audit process
- 3. WHY REVIEW? Natural evolution New breed of management system standards based on Annex SL New structure and content of new MS Standards
- 4. KEY ANTICIPATED CHANGES TO ISO 19011 Old sub clause order New sub clause order General General Conducting the opening meeting Assigning roles and responsibilities of guides and observers Performing document review while conducting audit Conducting the opening meeting Communication during the audit Communication during the audit Audit information availability and access (new) Assigning roles and responsibilities of guides and observers Reviewing documented information while conducting an audit Collecting and verifying information Collecting and verifying information Generating audit findings Generating audit findings Preparing audit conclusions Determining audit conclusions Conducting the closing meeting Conducting the closing meeting 7th Audit Principle Structural changes Role of ICT Professional Judgement Annex A changes Terminology changes
- 5. 3 PIECES OF ADVICE 1) Study the draft: do the new requirements make sense? Is there anything missing? 2) Send your feedback: Comment on the draft? 3) Use ISO 19011 to challenge the status quo: unhappy with audits?
- 6. WHAT NEXT? 1) Ballot 2) Mexico City 3) Publication mid-2018
- 8. MORE INTERNAL AUDITING RESOURCES http://quality.eqms.co.uk/blog/iso- 90012015-5-challenges-for-internal- auditors-friday-feature Internal Auditing ChallengesNext Generation Auditing Whitepaper http://quality.eqms.co.uk/iso-9001- auditing-whitepaper Further information 5 Benefits of Using Auditing Software http://quality.eqms.co.uk/blog/5- undeniable-advantages-of-using-software- for-auditing
- 9. Richard Green Kingsford Consultancy Services Ltd +44 (0)1225 400 435 RGreen@kingsfordconsultancyservices.co.uk www.kingsfordconsultancyservices.co.uk Emily Hill Qualsys Ltd +44 (0)114 282 3338 emily.hill@qualsys.co.uk www.eqms.co.uk
Notes de l'éditeur
- Emily & Richard Introduction
- ISO 19011:2011 is an International Standard which provides guidance on auditing management systems. It is applicable to all organisations that need to conduct internal or external MS audits or manage audit programmes. It covers; the principles of auditing – ‘moral values which underpin the profession’ - integrity, fair presentation, due professional care, confidentiality, independence, evidence based approach. managing an audit programme – designing, implementing, monitoring and reviewing & improving the programme the conducting of management system audits (initiating the audit to final reporting and follow up) the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditor team leaders and individual auditors. As a guidance standard it is not something an organisation can seek certification against however despite this it has been universally embraced as the definitive blueprint for MS assessment.
- ISO 19011 was first introduced in 2002 as guidelines for quality and/or environmental systems auditing. (At that time these were the only ISO management system standards available). By 2011 we were starting to see an expansion beyond quality and environmental and there was consequently a need to make the standard more generic. Since then we’ve seen the introduction of a new breed of management system standards based on annex SL. This means they share a common high level structure, identical core text and common terms and core definitions. Going forwards all new ISO MSS will be annex SL based, and existing MSS will become annex SL based when they are next revised. ISO 19011 therefore needed to be updated to reflect both the structure and contents of these new MS standards.
- Most significantly we see the introduction of a seventh audit principle. ‘Risk-based approach: an audit approach that considers risks and opportunities’. This risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit programme objectives. Indeed, the need to consider risks (and opportunities) is prevalent in all sections of the document, from design of the programme to determining who should be on the audit team, from conducting the audit itself through to drawing audit conclusions, through considering what is communicated at the closing meeting and what is ultimately contained in the audit report. Structurally there have been some changes. The order of the sub-clauses under 6.4 ‘conducting the audit activities’ has been amended. Old sub clause order New sub clause order General General Conducting the opening meeting Assigning roles and responsibilities of guides and observers Performing document review while conducting audit Conducting the opening meeting Communication during the audit Communication during the audit Audit information availability and access (new) Assigning roles and responsibilities of guides and observers Reviewing documented information while conducting an audit Collecting and verifying information Collecting and verifying information Generating audit findings Generating audit findings Preparing audit conclusions Determining audit conclusions Conducting the closing meeting Conducting the closing meeting Note a new sub-subclause 6.4.5 has been added which recognises information necessary to conduct the audit may be held at one of more physical or virtual location. In respect of the latter another common theme throughout is an acknowledgement of the role of ICT now plays in audit, not just in terms of where evidence is stored but also in terms of how it is being employed to facilitate the audit process. An interesting addition in clause 6.4.7 is text recognising that in the new annex SL world (based on documented information and not documents and records) not all information can be verified 100%. This introduces the concept of Professional Judgement which an auditor now needs to employ to determine the extent to which they can rely on such information. The old annex A has been deleted. This contained sector specific examples of the knowledge and skills required to audit particular types of industry. This may be reintroduced however there is very much a difference of opinion over this one. The old annex B now becomes annex A. This has been substantively reworked. This provides specific guidance for auditors in key topics. The range of topics has now been expanded to include; methods of auditing, professional judgement, performance outcomes, verifying information, auditing risks and opportunities and life cycle plus some significant changes to existing clauses (statistical sampling, guidance on visiting the auditee’s location). In addition, auditors must understand the application of management system standards in the post annex SL world and the relationships and interactions between the components of a management system in the light of annex SL. Audit team leaders are now expected to possess the competence to discuss strategic issues with top management. Throughout, terminology has been revised to reflect that latest definitions (audit criteria, audit team, technical expert, audit scope, risk, management system have all be revised). Also, suppliers has been replaced with external providers, documents and records by documented information. There remains an ongoing discussion as to whether ‘audit plan’ should become audit planning output and ‘audit report’, audit reporting output but as the former are such commonly used terms it is unlikely they will be changed.
- I don’t expect to see training providers offering any form of ISO 19011 transition training and I’m not expecting any of the professional bodies for auditing to be mandating this for their members either. That said, these changes are significant and I’d expect organisations operating in the MS audit arena to be providing details on these to their clients. IRCA are currently considering whether some form of mandatory CPD is required for IRCA certified auditors, perhaps in the form of required reading, and also whether revisions are necessary to their auditor training course criteria. Going forwards expect to see future auditing courses based on ISO 19001:2018, just as existing courses are based on ISO 1901:2011. I’d expect there to be a lot of reading material out there for those who are genuinely interested in this area. If you are serious about your role as an internal auditor (or indeed an external auditor) then you’ll want to know about these changes and how they will affect you. So; Study the draft. It’s not too early to start looking at the contents. Whilst this is still work in progress the substantive content is unlikely to change that much. Take a look at what is being proposed, then take an objective look at yourself and ask ‘is there any self- development required?’ For most of us the answer will be ‘yes’. Comment on the draft. If you think the changes go too far or don’t go far enough then have your say – everyone’s comment carries equal weight when they are reviewed. You could just make the world of audit a better place! Be prepared to challenge your organisation – if your unhappy with the way your organisation currently manages and conducts its audit programme this revision will provide an opportunity to effect change. There are real cost and efficiency benefits to be enjoyed from the deployment of an appropriately structure audit programme. Use this document to persuade top management that this is the case.
- All international standards go through a well-established process on their journey from concept though to finished article. We are currently at the Draft International Standard (or DIS stage). This is the point where the ‘ordinary person on the street’ for want of a better expression is able to comment on the proposed content via there national standards body – in the UK, this is BSI. The ballot closes in October. There is then a meeting of the AUS/1 committee (the ISO committee revising this standard) w/c 6th November in Mexico City. This meeting will consider the comments received and will amend the draft if deemed necessary. Depending on the extent and nature of the comments received the committee will then either move to publish the new standard or, if there is still work to be done, it will create a final draft international standard (FDIS) as an interim step before full publication. When can we expect to see the new changes? We will know for sure after the Mexico City meeting however ISO are currently quoting ‘mid 2018’. I think this is a fair representation.
- Potential additional questions…. Audit departments are required to be the 'eyes and ears' of senior management. They must evaluate compliance, identify and eliminate problems, and advise the organisation on opportunities for improvement. But there are still lots of internal auditors who don’t feel like their leadership teams are engaging as much as they should with their audits. Do you think ISO 19011 reflects the requirement to get leadership more involved? Richard Chambers, who is CEO of the Institute of Internal Auditors, asked on twitter this week “If internal audit results had to be condensed to 140 characters and delivered via Twitter, could we do it?” – what do you think? Would that ever be possible?
- Extra resources
- Thank you and goodbyes