This year the International Organization for Standardization (ISO) approved a project to revise ISO 19011:2011—Guidelines for auditing management systems. ISO Project Committee PC 302 was established with experts from numerous countries to revise the standard. The first of four plenary meetings was held during the second week of November in Orlando, Florida.
While it is too soon to say exactly what the new revision of ISO 19011 will look like, here is a brief overview of the most relevant topics that were discussed at the first meeting.
Terms and definitions: ISO 19011 isn’t a management system standard, therefore it’s not required to use the same terminology as other standards. However, it was decided that it’s in the interest of users of the standard that the terms and definitions be aligned with the high-level structure in Annex SL of the ISO directives. One example is the use of the term “documented information,” which will be integrated in ISO 19011 whenever possible.
Risk and risk-based thinking: The committee decided that it’s not necessary to include a new section about risk. However, the concepts of risk and opportunities will be included throughout the standard as applicable.
Remote auditing: The main idea and argument to justify the need to include remote auditing in the revision was that some companies only exist virtually, or that some or all information may not be stored in a physical location. The committee decided that an audit is an audit, no matter where it’s completed. Therefore, there are different tools and methods that can be used—remote auditing being one of them.
Small and medium enterprises (SME): It was determined that it’s not necessary to include a specific section regarding SMEs because the language used in the standard should be generic enough to apply to any type of organization and audit. If any specific guidance is needed for SMEs, it may be included within an annex or notes.
Audit team competence: ISO 19011 and ISO 17021 are compatible and will remain this way. There will be some changes to reflect current challenges regarding auditor and audit team competence—in particular in relation to risk, combined audits, and auditing clauses 4.1, 4.2, and 4.3 of the high-level structure, along with remote auditing.
In summary, we can expect the revision of ISO 19011 to be better aligned with the terminology, business practices, and audit needs of current times. The revision will incorporate concepts such as risk-based thinking and remote auditing, and will also include updated terminology and auditor competence requirements. This will provide a contemporary approach to complex organizational structures and audits.
About the author
Elisabeth Thaller has provided management system consulting, auditing, and training for the past 20 years. During this time, Thaller has coached private and government organizations on the implementation of diverse management system and conformity assessment standards, including ISO 17024 and ISO 17021.
As a contracted evaluator with Exemplar Global, Thaller has performed training provider and course certification audits in the US, Europe, Mexico, and South America.
Thaller is a member of the US TAG to ISO/PC 302 Guidelines for auditing management systems and is actively involved in the current review of ISO 19011. Thaller previously participated in the ISO/TC 176 STTG (ISO 9001:2015), ISO/TC 207 STTF (ISO 14001:2015), and ISO/CASCO/STTF (ISO 17021:2015).