ISO 19011 Revision
1. ISO 19011 REVISION
Why is the standard being revised?
What do you need to know now?
Questions & further information
Auditing Management Systems
Emily Hill, Marketing Executive, Qualsys
Richard Green, Founder & MD, Kingsford Consultancy Services
2. ISO 19011 OVERVIEW
1) Principles of auditing
2) Managing an audit program
3) Conducting of management system audits
4) Evaluation of competence of individuals involved in the audit process
3. WHY REVIEW?
Natural evolution
New breed of management system standards based on Annex SL
New structure and content of new MS Standards
4. KEY ANTICIPATED CHANGES TO ISO 19011
Old sub clause order | New sub clause order
General | General
Conducting the opening meeting | Assigning roles and responsibilities of guides and observers
Performing document review while conducting audit | Conducting the opening meeting
Communication during the audit | Communication during the audit
(none) | Audit information availability and access (new)
Assigning roles and responsibilities of guides and observers | Reviewing documented information while conducting an audit
Collecting and verifying information | Collecting and verifying information
Generating audit findings | Generating audit findings
Preparing audit conclusions | Determining audit conclusions
Conducting the closing meeting | Conducting the closing meeting
7th Audit Principle
Structural changes
Role of ICT
Professional Judgement
Annex A changes
Terminology changes
5. 3 PIECES OF ADVICE
1) Study the draft: do the new requirements make sense? Is there anything missing?
2) Send your feedback: Comment on the draft?
3) Use ISO 19011 to challenge the status quo: unhappy with audits?
8. MORE INTERNAL AUDITING RESOURCES
Internal Auditing Challenges: http://quality.eqms.co.uk/blog/iso-90012015-5-challenges-for-internal-auditors-friday-feature
Next Generation Auditing Whitepaper: http://quality.eqms.co.uk/iso-9001-auditing-whitepaper
Further information
5 Benefits of Using Auditing Software: http://quality.eqms.co.uk/blog/5-undeniable-advantages-of-using-software-for-auditing
9. Richard Green
Kingsford Consultancy Services Ltd
+44 (0)1225 400 435
RGreen@kingsfordconsultancyservices.co.uk
www.kingsfordconsultancyservices.co.uk
Emily Hill
Qualsys Ltd
+44 (0)114 282 3338
emily.hill@qualsys.co.uk
www.eqms.co.uk
Editor's notes
Emily & Richard Introduction
ISO 19011:2011 is an International Standard which provides guidance on auditing management systems. It is applicable to all organisations that need to conduct internal or external MS audits or manage audit programmes.
It covers:
the principles of auditing – ‘moral values which underpin the profession’ - integrity, fair presentation, due professional care, confidentiality, independence, evidence based approach.
managing an audit programme – designing, implementing, monitoring and reviewing & improving the programme
the conducting of management system audits (initiating the audit to final reporting and follow up)
the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditor team leaders and individual auditors.
As a guidance standard, it is not something an organisation can seek certification against; despite this, it has been universally embraced as the definitive blueprint for MS assessment.
ISO 19011 was first introduced in 2002 as guidelines for quality and/or environmental systems auditing. (At that time these were the only ISO management system standards available).
By 2011 we were starting to see an expansion beyond quality and environmental and there was consequently a need to make the standard more generic.
Since then we’ve seen the introduction of a new breed of management system standards based on annex SL. This means they share a common high level structure, identical core text and common terms and core definitions. Going forwards all new ISO MSS will be annex SL based, and existing MSS will become annex SL based when they are next revised.
ISO 19011 therefore needed to be updated to reflect both the structure and contents of these new MS standards.
Most significantly we see the introduction of a seventh audit principle.
‘Risk-based approach: an audit approach that considers risks and opportunities’.
This risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit programme objectives. Indeed, the need to consider risks (and opportunities) is prevalent in all sections of the document, from design of the programme to determining who should be on the audit team, from conducting the audit itself through to drawing audit conclusions, through considering what is communicated at the closing meeting and what is ultimately contained in the audit report.
Structurally there have been some changes. The order of the sub-clauses under 6.4 ‘conducting the audit activities’ has been amended.
Old sub clause order | New sub clause order
General | General
Conducting the opening meeting | Assigning roles and responsibilities of guides and observers
Performing document review while conducting audit | Conducting the opening meeting
Communication during the audit | Communication during the audit
(none) | Audit information availability and access (new)
Assigning roles and responsibilities of guides and observers | Reviewing documented information while conducting an audit
Collecting and verifying information | Collecting and verifying information
Generating audit findings | Generating audit findings
Preparing audit conclusions | Determining audit conclusions
Conducting the closing meeting | Conducting the closing meeting
Note that a new sub-subclause 6.4.5 has been added, which recognises that information necessary to conduct the audit may be held at one or more physical or virtual locations.
In respect of the latter, another common theme throughout is an acknowledgement of the role ICT now plays in audit, not just in terms of where evidence is stored but also in terms of how it is being employed to facilitate the audit process.
An interesting addition in clause 6.4.7 is text recognising that in the new annex SL world (based on documented information and not documents and records) not all information can be verified 100%. This introduces the concept of Professional Judgement which an auditor now needs to employ to determine the extent to which they can rely on such information.
The old annex A has been deleted. This contained sector-specific examples of the knowledge and skills required to audit particular types of industry. This may be reintroduced; however, there is very much a difference of opinion over this one.
The old annex B now becomes annex A. This has been substantively reworked. It provides specific guidance for auditors on key topics. The range of topics has now been expanded to include: methods of auditing, professional judgement, performance outcomes, verifying information, auditing risks and opportunities and life cycle, plus some significant changes to existing clauses (statistical sampling, guidance on visiting the auditee’s location).
In addition, auditors must understand the application of management system standards in the post annex SL world and the relationships and interactions between the components of a management system in the light of annex SL.
Audit team leaders are now expected to possess the competence to discuss strategic issues with top management.
Throughout, terminology has been revised to reflect the latest definitions (audit criteria, audit team, technical expert, audit scope, risk, management system have all been revised). Also, ‘suppliers’ has been replaced with ‘external providers’, and ‘documents and records’ by ‘documented information’.
There remains an ongoing discussion as to whether ‘audit plan’ should become ‘audit planning output’ and ‘audit report’ should become ‘audit reporting output’, but as the former are such commonly used terms it is unlikely they will be changed.
I don’t expect to see training providers offering any form of ISO 19011 transition training and I’m not expecting any of the professional bodies for auditing to be mandating this for their members either.
That said, these changes are significant and I’d expect organisations operating in the MS audit arena to be providing details on these to their clients.
IRCA are currently considering whether some form of mandatory CPD is required for IRCA certified auditors, perhaps in the form of required reading, and also whether revisions are necessary to their auditor training course criteria. Going forwards, expect to see future auditing courses based on ISO 19011:2018, just as existing courses are based on ISO 19011:2011.
I’d expect there to be a lot of reading material out there for those who are genuinely interested in this area.
If you are serious about your role as an internal auditor (or indeed an external auditor) then you’ll want to know about these changes and how they will affect you.
So;
Study the draft. It’s not too early to start looking at the contents. Whilst this is still work in progress, the substantive content is unlikely to change that much. Take a look at what is being proposed, then take an objective look at yourself and ask ‘is there any self-development required?’ For most of us the answer will be ‘yes’.
Comment on the draft. If you think the changes go too far or don’t go far enough then have your say – everyone’s comment carries equal weight when they are reviewed. You could just make the world of audit a better place!
Be prepared to challenge your organisation – if you’re unhappy with the way your organisation currently manages and conducts its audit programme, this revision will provide an opportunity to effect change. There are real cost and efficiency benefits to be enjoyed from the deployment of an appropriately structured audit programme. Use this document to persuade top management that this is the case.
All international standards go through a well-established process on their journey from concept through to finished article.
We are currently at the Draft International Standard (or DIS stage).
This is the point where the ‘ordinary person on the street’, for want of a better expression, is able to comment on the proposed content via their national standards body – in the UK, this is BSI.
The ballot closes in October. There is then a meeting of the AUS/1 committee (the ISO committee revising this standard) w/c 6th November in Mexico City. This meeting will consider the comments received and will amend the draft if deemed necessary.
Depending on the extent and nature of the comments received the committee will then either move to publish the new standard or, if there is still work to be done, it will create a final draft international standard (FDIS) as an interim step before full publication.
When can we expect to see the new changes?
We will know for sure after the Mexico City meeting; however, ISO are currently quoting ‘mid 2018’. I think this is a fair representation.
Potential additional questions….
Audit departments are required to be the 'eyes and ears' of senior management. They must evaluate compliance, identify and eliminate problems, and advise the organisation on opportunities for improvement. But there are still lots of internal auditors who don’t feel like their leadership teams are engaging as much as they should with their audits. Do you think ISO 19011 reflects the requirement to get leadership more involved?
Richard Chambers, who is CEO of the Institute of Internal Auditors, asked on Twitter this week “If internal audit results had to be condensed to 140 characters and delivered via Twitter, could we do it?” – what do you think? Would that ever be possible?