ISO 19011 has been first published in the year of 2002 to provide guidance on auditing management systems, as well as the guidance on the evaluation of competence of individuals involved in the audit process; however this Standard back then was only to cover mainly on auditing the Quality Management System (QMS) and the Environmental Management System (EMS) as the title of the Standard explains it well - “Guidelines for Quality and/or Environmental Management Systems audit”. However, after the year of 2002, a number of new management system standards have been introduced and trigger a need to consider a broader scope of management system auditing, as well as providing guidance that is more generic.
The second edition of ISO/IEC 17021 that was published in 2011 is also another catalyst that pushes for a consideration in upgrading the first edition of ISO 19011. Moreover, I’m sure there are also questions / concerns from auditors in regards to which guidelines to be used if they are to conduct auditing on management systems besides the QMS and EMS.
As a result, the second edition of ISO 19011 – “Guidelines for auditing Management Systems” has been published in 2011 to replace the first edition. Among the main differences compared with the first edition are as follows:
|Internal Auditing||External Auditing|
|Supplier Auditing||Third Party Audit
|Sometimes called First Party Audit||
Sometimes called Second Party Audit
|For legal, regulatory and similar purposes
|ISO 19011:2011 provides guidance for all audits|
|ISO/IEC17021:2011 is a requirement for certification purpose only|
|Extent of involvement between the auditorand the auditee||Location of an auditor|
|Human interaction||Conducting interviews.
Completing checklists and questionnaires with auditee participation.
Conducting document review with auditee participation.
|Via interactive communication means:
— conducting interviews;
— completing checklists and
— conducting document review with auditee participation.
|No human interaction||Conducting document review (e.g. records, data analysis).
Observation of work performed.
Conducting on-site visit.
Sampling (e.g. products).
|Conducting document review (e.g. records, data analysis).
Observing work performed via surveillance means, considering social and legal
|On-site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other than the location of the auditee, regardless of the distance.
Interactive audit activities involve interaction between the auditee’s personnel and the audit team.
Non-interactive audit activities involve no human interaction with persons representing the auditee but do involve interaction with equipment, facilities and documentation.
With this second version of ISO 19011, it clears the question marks that auditors have as it is now been made common and generic for the use for auditing of management systems.
**Information used in this write-up is from the ISO 19011:2001 standard.
Interested in discussing your requirements? Let’s talk.
Training / Online training / Capacity building