
The Key to Successful Audits Using the ISO 19011:2018 Framework

The recently updated ISO 19011:2018 provides excellent guidelines for the risk-based management of internal and external audit programs and auditors.

One of the primary drivers for the creation of ISO 19011:2018 was to synchronise the audit process with the philosophy and intent behind the recent revisions to the management system Standards.

The ISO 19011:2018 Standard includes seven auditing principles:

  1. Integrity
  2. Fair presentation
  3. Due professional care
  4. Confidentiality
  5. Independence
  6. Evidence-based approach
  7. Risk-based approach

These principles, when implemented effectively, provide the guidance needed to successfully manage and conduct audits of ISO management systems.

5 tips for conducting value-added audits with ISO 19011:2018:


1. Align the audit program with the business’s objectives

Clause 5 of the ISO 19011:2018 Standard concerns managing an audit program, recognising there is more involved than creating an audit schedule. The audit program should consider a management system's functionality, complexity and maturity, and the type of risks and opportunities associated with it.

2. Adopt a risk-based approach to audit planning 

Clause 6.3.2 of the ISO 19011:2018 Standard provides guidance on audit planning. By adopting a risk-based approach to planning, auditors can consider the risks of the audit activities and of not achieving the audit objectives. A common problem is allocating sufficient time and resources. Many leaders do not understand the time required; they see auditors interviewing team members and believe this, plus some time to compile a report, is all that auditing involves.

 

3. Use the right people for the job

For the audit program to be effective in achieving its objectives, you need to have competent and qualified auditors to conduct the audit activities. Clause 7 in ISO 19011:2018 discusses the evaluation of auditor competence and performance. If the audit team lacks knowledge or expertise, a technical expert should be used to close the knowledge gap. Auditors do not have to be experts in every single process, but they should understand the organisation's:

  • Key organisational goals and issues
  • Management systems and requirements (and how they might interact)
  • Core business processes and how they impact each other
  • Risk-based approach to management at all levels
  • Regulatory frameworks

4. Audit the audit program

The audit process itself must be audited, and like all other processes, opportunities to improve it should be identified and implemented. The audit process ideally then becomes an opportunity to confirm the capability of the processes under audit, and to identify and share best practices within the business.


5. Don’t just treat the symptom

When audits detect problematic issues (often referred to as non-conformances), it is very important that management's response includes the effective:

  • Containment and Correction of the problem
  • Corrective Action
  • Mitigation of any emerging risks related to actions taken

All of the above actions are important, but conducting an effective corrective action process, including thorough root cause analysis, is absolutely vital to drive continual improvement. Businesses are often quick to react to the issue by treating the symptoms and are therefore likely to experience the issue again. Instead, the business should take a step back and understand the broader issue, working to resolve the root cause and prevent the issue from recurring.

Audits are not simply a process to ensure your business management functions and processes are operational and effective. They also allow your organisation to assess the condition of other management programs and risk management processes, as well as assist in compliance with applicable regulations, standards and other key requirements.

Similar to how an internal audit reviews the condition of your organisation, the audit program itself must be assessed and treated as an opportunity for enhancement and optimisation.

ISO 19011:2018 is a catalyst for these objectives and also identifies and distinguishes the potential impact that advancements in technology can have on the audit process, such as virtual or remote technology-enabled audits.
