ISO 19011 standards provide guidance to conduct quality management system audits. This standard covers various aspects of auditing the quality management system and applies to the various organization that deals with internal and external audits.
This ISO 19011 was developed by International Organization for Standardization.
Edition of ISO 19011
Let’s review the previous edition and the current edition of the ISO 19011 standard,
|Edition||Year of Publication|
|1st Edition: ISO 10011-1||1990|
|2nd Edition: ISO 19011||2002|
|3rd Edition: ISO 19011||2011|
|4th Edition: ISO 19011||2018|
ISO 19011:2018 clauses
ISO 19011 covers the following main clause,
b. Principles of auditing
c. Audit Program management
d. Competence and evaluation of auditors
e. Conducting audit
f. Audit report preparation
f. Distribution of audit report
Let’s review other sub-clause of this standard at high levels. The following table helps you to understand the scope and sub-clause of this standard,
Definitions section covers the various definition of audit management systems eg. Definitions of audit, auditor, the auditee.
Principles of Auditing:
- Evidence based-approach
- Risk-based approach
- Confidentiality (information security)
- Integrity & fair presentation
Audit Program Management:
This section covers the following elements,
a. Audit program objectives
b. Evaluation of risk and opportunities associated with audit program
c. Roles and Responsibilities
d. Competence of lead auditor and auditee
e. Resource management
f. Selection of audit methods
g. Selection of audit team members
Competence of lead auditors:
ISO 19011 standard provides guidelines in,
a. Selection of auditor team members
b. Identification of competence required for audit
ISO 19011 standard provides various useful guidance in the following areas,
a. How to initiate an audit
b. Requirements to establish contact with auditee
c. Review of documented information
d. The risk-based approach in audit planning
e. How to assign the task to the audit team
f. Audit checklist preparation
g. How to conduct opening meeting
h. How to conduct a closing meeting
ISO 19011 Types of Audits
ISO 19011 standard specifies types of audits. Let’s review each audit type.
This audit type is also known as 1st party audit. An internal audit is being conducted within the organization by a cross-functional team with a defined frequency as per the organization’s QMS.
Eg. An annual audit is conducted in the logistics and supply chain department to assess whether processes are followed as per the Quality Management system or not.
This audit type is known as 2nd party audit. This audit is mainly conducted by external interested parties.
eg. A customer conducts audits at its supplier.
Regulatory or Certification Body Audit:
This audit type is known as a regulatory or certification body audit. This audit is conducted by a statutory and regulatory body or by a certification body to assess the organization’s Quality Management System design and development and compliance in terms of product and process safety.
- Audit conducted by BIS for the product under compulsory certification.
- An audit conducted by the certification body to issue ISO 9001 or ISO 17025 certification to the organization.
ISO 19011 – Audit Methods
Audit methods can be remote or on-site with human interaction or without human interaction. ISO 19011 standards specify the extent of involvement in audit methods in annex A. Refer following graphical image for different audit methods.
Audit Report Preparation:
ISO 19011 standards do cover key elements required for audit report preparation such as,
a. Audit Scope, Objective and Criteria
b. Name, address of auditee/client
c. Date of audit
d. Lead Auditor and auditee team member
e. Audit Method: On-site or remote audit
f. Audit Findings and finding criteria (major or minor)
g. Best Practices
i. Sampling details and list of documented information
j. Timeline to close audit findings / non-conformity
Audit Report Distribution:
ISO 19011 guideline covers key elements of audit report distribution such as,
a. Audit Report distribution as per agreed timeline between auditee and auditor
b. Audit report distribution channel with required stakeholders
c. Acknowledgment of audit report acceptance by the auditee.
Conclusion @ ISO 19011:
ISO 19011:2018 standard covers detailed guidelines for auditing management systems. This blog post is limited to a high-level overview of ISO 19011. We strongly suggest purchasing this standard from the ISO website and implementing this guideline in your organization.