Iso 19011

ISO 19011 is an international standard of the International Organization for Standardization (ISO) that sets detailed guidelines for quality management systems auditing and environmental management systems auditing and provides guidance on the competence of quality and environmental management systems auditors.

Founded in 1946, the ISO is a global standard-setting organization headquartered in Geneva, Switzerland, that promulgates international, industrial, and commercial ISO standards. The ISO 19011: 2002 standard was prepared and published in October 2002 by ISO in accordance with the rules given in the ISO/IEC (International Electrotechnical Commission) Directives, part 3. The standard was produced in response to a growing demand from the commercial sector for guidance on combined management systems audits. The cost of failing an accreditation/reaccreditation audit by an awarding body, such as the British Standards Institute, referred to officially as the “third-party audit,” can affect an organization in a number of ways. These include suspension or withdrawal of certification leading to loss of clients, costly improvements to policy or procedures and working instructions, and hidden costs associated with inefficiencies of internal reviews.

Through its adoption, ISO 19011 provides a “best practice template” by clarifying the objectives of the environmental or quality audit program, seeking commitment to the audit program and individual audit goals, reducing duplication when instigating dual environmental and quality audits, ensuring that audit reports conform to the ideal template and record all essential data, and benchmarking the competence of the audit team against suitable criteria. ISO 19011 can also be adapted for auditing any management system.

ISO 19011 provides four instrumental decision/support resources to successfully scope the audit plan, audit execution, and critical evaluation of environmental and/or quality audit:

• A clear explanation of the principles of management systems auditing
• Guidance on the management of audit programs
• Guidance on the conduct of internal or external audits
• Advice on the competence and evaluation of auditors

The fundamental role of an audit is to record a sample of evidence to confirm the validity and suitability of an organization's data and to “independently” assess an organization's internal control procedures. The audit report compares planned conformance to actual conformance and provides a mechanism for continuous improvement. In order to maintain its credibility and acceptance auditing is dependent on five fundamental principles: ethical conduct, fair presentation, due professional care, independence, and evidence-based approach. Ethical conduct is essential to maintain the reputation of the auditing [Page 343]profession. Fair presentation of the audit exercise must be truthful and accurate and based purely on the evidence discovered. Due professional care must be maintained throughout by the auditor/auditing team, so it is essential that the auditors are qualified and competent. Independence of auditors is fundamental to maintain objectivity and impartiality while carrying out the on-site audit, auditing report findings, and presenting these findings to the management team. An evidence-based approach means that results must be verifiable in that samples are recorded on the observation sheets and documented in the final audit report competently, reflecting the variance between actual performance and the applicable ISO standard.

The audit program may consist of one or more audits that are dependent on the size and operations of the organization. Each audit may be carried out by a single auditor, or an audit team coordinated by a lead auditor. Senior management must take an active role in the audit program, a requirement particularly relevant during a third-party accreditation audit. All participants must be comfortable with the auditing principles and have the relevant management skills and technical/operational competence. The senior management team must also ensure that the audit program is adequately resourced. Clarification of the objectives of the audit program is paramount to all parties; examples of objectives include to satisfy the criteria for certification, to meet contractual requirements, to demonstrate competence in the supply chain, or to act as a catalyst for continuous improvement. In addition, an audit schedule must reflect the scope of the operations of the organization that is seeking or has ISO certification. Over a set period of time, normally 12 months, each process must be audited. The audit observation sheets record evidence to support conformance, nonconformance, or observations, and normally three examples of evidence are recorded to support each finding. The lead auditor then documents the findings/conclusions in an audit report that is presented to management, which may result in continued certification, suspension of certification pending a follow-up audit, or a formal withdrawal of certification.

...