In today’s business environment, many organizations incorporate a number of management systems, such as quality, environmental, IT services and information security. As a result, these organizations want to harmonize and, where possible, combine the auditing of these systems.
Compared to the first edition of the standard published in 2002 which applied only to ISO 9001 (quality) and ISO 14001 (environment) ,the scope of ISO 19011:2011, Guidelines for auditing management systems, has been expanded to reflect current thinking and the complexities of auditing multiple management system standards (MSS).
It will help user organizations to optimize and facilitate the integration of their management systems and, in facilitating a single audit of its systems, will streamline the audit processes, reduce duplication of effort and decrease disruption of work units being audited.
Specific attention is given to the implementation of the audit programme. By fully applying these guidelines, the prerequisites are provided to make auditing a crucial tool for top management to achieve the objectives of the organization.
ISO 19011:2011 provides guidance on the conduct of internal or external management system audits, as well as on the management of audit programmes. Intended users of this International Standard include auditors, audit team leaders, audit programme managers, organizations implementing management systems, and organizations needing to conduct audits of management systems for contractual or regulatory reasons.
Alister Dalrymple, Convenor of the team that updated the guidelines, described the benefits which the new standard is expected to bring to users and the improvements made compared to the 2002 edition it replaces:
“ISO 19011:2011 has been revised to provide auditors, organizations implementing management systems and organizations needing to conduct audits of management systems an opportunity to re-assess their own practices and identify improvement opportunities.
"Compared to the 2002 version, the standard adds the concept of risk and recognizes more explicitly the competence of the audit team and individual auditors. Also, the use of technology in remote auditing is acknowledged, for example, conducting remote interviews and reviewing records remotely.”
Another improvement is the clarification of the relationship between ISO 19011:2011 and ISO/IEC 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems. While those involved in management system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in this International Standard useful.
ISO 19011:2011, Guidelines for auditing management systems, was developed by ISO technical committee ISO/TC 176, Quality management and quality assurance, subcommittee SC 3,Supporting technologies.