Management System Auditing 101

This website is your guide to management system auditing and ISO 19011:2011.

It provides answers to the following questions -

  • What is a management system audit?
  • What are the requirements for conducting management system audits?
  • Why should I use 19011:2011?
  • Where can I find more information about management system auditing? 

There are many different types of assessment – financial audits, property assessments, supplier reviews, contractor evaluations, registration audits, equipment evaluations…

What do all assessments have in common?

They compare a set of collected information against some established criteria.

 What is a Management System Audit?

 A management system audit is a specific type of assessment. 

ISO 19011 defines a management system audit as follows:

“Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” (ISO 19011:2011 3.1)

What makes a management system audit different from other types of assessments?

Three things -

  1. It must be systematic.
  2. It must be independent.
  3. It must be documented.

Management system audits must be systematic.

Management systems are all about controlling processes – including the processes of the management system.  In order to conduct management system audits, you need audit procedures AND an audit program.

Click here to learn more about setting up an audit program.

Management system audits must be independent.

Auditors can NOT audit their own work.  Audits need to be structured so they are free from bias and conflicts of interest.

Management system audits must be documented.

Audits are all about making decisions and taking action – in order for this to be accomplished, they need to be documented.

What Are the Requirements for Conducting Audits?

The requirements for conducting management system audits depend on two things –

  1. The requirements set out in the applicable management system standard being used to establish the management system (e.g. ISO 9001, ISO 14001, OHSAS 18001)
  2. The “planned arrangements” (processes and procedures) established for the audit program by the organization that is conducting the audit – or having the audit  conducted on its behalf.

All of the commonly used management system standards contain audit requirements. 

In both ISO 14001:2004 and OHSAS 18001:2007, this is section 4.5.5 – which is entitled Internal Audit.  These requirements include establishing both an audit program and implementing and maintaining audit procedures.  ISO 19011 provides additional guidance on how these requirements can be met.

Why Should I Use ISO 19011:2011?

ISO 19011 is an international consensus standard developed by experts from around the World.  It has been developed to be applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit program.  As a consensus standard, it reflects an auditing framework that has been agreed upon and accepted by a range of interested parties.

It is a guidance document; it is not a specification standard.  It contains suggestions for how to meet the audit requirements that are set out in other management system standards such as ISO 14001 and OHSAS 18001.  It is useful for organizations that need to develop their own planned arrangements for conducting effective audits.

Where Can I Find More Information?

Go the Resources page of this website – this page contains additional information and links to other web sites that provide information helpful for management system auditing.

© ENLAR Compliance Services, Inc. (2012)