Revision Of ISO 19011_Rev.01 (FEB 2019).pptx

MaraNatha88 60 views 37 slides Sep 27, 2024

About This Presentation

New Version of ISO 19011:2018 updated from 2011 version


Slide Content

TRAINING ISO 19011:2018 AUDITING MANAGEMENT SYSTEMS

ISO 19011

ISO 19011 is an international standard that sets forth guidelines for management systems auditing. The current version is ISO 19011:2018. It is developed by the International Organization for Standardization (ISO). The standard offers four resources to organizations to "save time, effort and money":
• A clear explanation of the principles of management systems auditing.
• Guidance on the management of audit programs.
• Guidance on the conduct of internal or external audits.
• Advice on the competence and evaluation of auditors.

REVISION OF ISO 19011


Targets of Revision (2018)
• ISO 19011 is guidance to be used for auditing all management systems.
• This International Standard does not state requirements but provides guidance on the management of audit programmes and on the conduct of audits, as well as on the competence and evaluation of auditors.
• ISO 19011 provides guidance for all users, including small and medium-sized enterprises, concentrating especially on what are commonly termed internal (first) and second party audits.

Overview of main changes
• Help boxes have been removed and their contents have been included in the text
• The definitions in chapter 3 have been revised
• Chapters 5 and 6 have been completely restructured. Most changes are in chapter 5 (highlighting preparation of the audit program)
• Chapter 7 has been restructured, and requirements concerning discipline-specific knowledge and skills are now in Annex A
• Annex B provides additional general guidance for auditors for planning and conducting audits
• Only very few changes to the principles of auditing

Types of Audits

Chapters
Chapter 1 Scope
Chapter 2 Informative References
Chapter 3 Terms and Definitions
• 3.1 audit: systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Chapter 4 Principles of Auditing
• Fair presentation: the obligation to report with truthfulness and accuracy
• Due professional care: the application of attention / zeal / search and judgment in the audit
• Confidentiality of information security
• Independence: the basis for the impartiality of the audit
• Evidence-based approach to audit findings

Chapter 5 Managing an Audit Programme
5.1 General
The chapter was restructured but its contents remained the same.
New note concerning risk-based auditing: Priority should be given to allocating the audit program resources to audit those matters of significance within the management system. These may include the key characteristics of product or service quality, safety and health hazards and risks, and significant environmental aspects and their control.

5.2 Establishing the audit programme objective
Audit program objectives should be consistent with and support management system policy and objectives. These objectives can be based on consideration of:
• management priorities
• commercial and/or business intentions
• needs and expectations of interested parties
• level of the maturity of the management system
• results of previous audits
• auditee's level of performance, as reflected in the occurrence of failures or incidents or customer complaints
• contribution to the improvement of the management system and its performance

5.3.1 Roles and responsibilities of the person managing the audit programme
The person assigned the responsibility should:
• establish the extent of the audit
• establish audit responsibilities
• establish procedures for audit programmes
• determine necessary resources
• monitor, review and improve the audit programme
• [New] identify and evaluate the risks for the audit programme
[New] The person assigned the responsibility for managing an audit programme should inform the top management of the contents of the audit programme and, where necessary, request its approval.

5.3.2 Competence of the person responsible for managing the audit programme [New chapter]
The person responsible should have the competence to manage the audit programme and its associated risks effectively, as well as knowledge in the following areas:
• Audit principles, procedures and methods
• Management system and reference documents
• Applicable legal and other requirements relevant to the activities and/or products of the organization to be audited
• Activities, products and processes of the organization to be audited
• Customers, suppliers and other interested parties of the organization to be audited, where applicable

5.3.3 Determining the extent of an audit programme
Largely unchanged, meaning that the extent of the audit programme can vary depending on the size, functionality and complexity of the organization. Other factors impacting the extent of an audit programme include:
• Those factors influencing the effectiveness of the management system
• Availability of information and communication technologies to support the use of remote audit methods
• The occurrence of internal and external events such as product failures, information security leaks, health and safety incidents, criminal acts or environmental incidents

5.3.4 Identifying and evaluating audit programme risks [New chapter]
There are many different risks associated with establishing, implementing, monitoring and reviewing an audit programme that may affect the achievement of the audit programme objectives. These risks may be associated with:
• planning, e.g. failure to set relevant audit objectives and determine the extent of the audit programme
• resources, e.g. allowing insufficient time for the person responsible for managing the audit programme to develop the audit programme
• selection of the audit team,

  e.g. the team does not have the collective competence to conduct the audit effectively
• implementation, e.g. ineffective communication of the audit programme
• records and their controls, e.g. failure to adequately protect audit records to demonstrate audit programme effectiveness
• monitoring, reviewing and improving the audit programme, e.g. ineffective monitoring of audit programme outcomes

5.4.1 Implementing the audit programme, General
The chapter is largely unchanged but with the following additions/amendments:
• communicating the pertinent parts of the audit programme to relevant parties and informing them periodically of its progress
• defining objectives, scope and criteria for each individual audit
• ensuring the selection of audit teams with the necessary competence

5.4.2 Defining individual audit objectives, scope and criteria
Insertion of individual audit objectives; rest of chapter largely unchanged.
[New] The individual audit objectives should be defined by the person responsible for managing the audit programme and be consistent with the overall audit programme objectives.
More accurate definition concerning combined audits: When two or more management systems of different disciplines are audited together, it is important that the audit objectives, scope and criteria are consistent with the objectives of the relevant audit programme.

5.4.3 Selecting the audit method [New chapter]
The person responsible for managing the audit programme should select and determine the audit methods for an audit depending on the defined audit objectives, scope and criteria for effectively conducting the audit.
Personal note: A very well structured and comprehensive guidance for auditors concerning audit methods is given in Annex B (methods for on-site and remote auditing, human interaction, no human interaction, sources of information, sampling, document review, interviews).

5.4.4 Selecting the audit team
Largely unchanged but with reference to chapter 7 (competence of auditors).
[New] Concerning the composition of the audit team for a specific audit, consideration should also be given to the audit methods that have been selected.
[Attention] Audit team members should not only work together, but also interact effectively with the representatives of the auditee.
[New definition] Technical experts should operate under the direction of an auditor but should not act as auditors.

5.4.6 Managing and maintaining audit programme records [New chapter]
The person responsible for managing the audit programme should ensure that audit records are created, managed and maintained to demonstrate the implementation of the audit programme. Processes should be established to ensure that any privacy or confidentiality needs associated with the audit records are addressed. Records should include the following:
• Audit programme objectives, reviews of audit programme effectiveness
• Audit plans and audit reports, nonconformity reports, corrective and preventive action reports
• Regarding audit personnel: competence and performance evaluation of the audit team members, audit team selection, maintenance and improvement of competence

5.5 Monitoring the audit programme [New chapter]
The person responsible for managing the audit programme should monitor the implementation of the audit programme considering the need to:
• review and approve audit reports, including the suitability and adequacy of audit findings for root cause analysis and effective corrective actions and preventive actions
• ensure distribution of audit reports to the top management and other relevant parties
• determine the necessity of any follow-up audit
• evaluate the performance and the ability of the audit teams to implement the audit plan
• evaluate conformity with audit programmes, schedules and audit objectives
• evaluate feedback from top management, auditees, auditors and other interested parties
Factors which may determine the need to modify the audit programme, e.g.:
• audit findings
• demonstrated level of management system effectiveness
• changes to the client's or the auditee's management system
• changes to standards, legal and contractual requirements

5.6 Reviewing and improving audit programme [New chapter]
The person responsible for managing the audit programme should review the audit programme to assess whether its objectives have been met. Lessons learned from the audit programme review should be used as inputs for the continual improvement process for the programme. The audit programme review should consider:
• results and trends from audit programme monitoring
• changing needs and expectations of interested parties
• audit programme records (see also 5.3.6)
• alternative or new auditing methods
Review the continual professional development of auditors, in accordance with 7.4, 7.5 and 7.6.
Report the results of the audit programme review to the top management.

Chapter 6 Performing an Audit
6.2.2 Establishing initial contact with the auditee
The initial contact with the auditee for the performance of the audit can be informal or formal and should be made by the audit team leader. The purposes of the initial contact are:
• to establish communication channels with the auditee's representatives
• to provide information on the audit objectives, audit scope, audit methods and audit team composition
• to request access to relevant documents and records for planning purposes
• to determine applicable legal and other requirements
• to confirm the agreement with the auditee regarding the extent of the disclosure and the treatment of the confidential information
• to determine any site-specific access, security, health and safety or other special requirements
• to determine the expectations and needs of the auditee in relation to the specific audit

6.4.2 Conducting the opening meeting
Largely unchanged in the beginning, but then with a few additions. The following items should be considered:
• Introduction of the participants, including observers and guides, and an outline of their roles. During the meeting, an opportunity to ask questions should be provided.
• Confirmation of audit objectives, scope and criteria, audit plan, presentation of the audit methods to be used, including advising the auditee that the audit evidence is based on a sample of the information available (element of uncertainty has been deleted from text)
• Confirmation of communication channels, language to be used, availability of resources and facilities needed
• Confirmation of matters relating to confidentiality and information security
• Information about the closing meeting

6.4.3 Performing document review while conducting the audit [New chapter]
The document review may be combined with the other audit activities and may continue throughout the audit, if this is not detrimental to the effectiveness of the conduct of the audit.
If adequate documentation cannot be provided within the time frame given in the audit plan, the audit team leader should inform the person responsible for managing the audit programme, and the auditee. Depending on the audit scope and objectives, a decision should be made as to whether the audit should be continued or suspended.

6.4.4 Communicating during the audit
[New first paragraph] It may be necessary to make formal arrangements for communication within the audit team, with the auditee, the audit client and potentially with external bodies (e.g. regulators) during the audit, especially where legal requirements require the mandatory reporting of nonconformities. Rest of text is unchanged.
6.4.5 Assigning roles and responsibilities of guides and observers [New chapter]
Main content: Guides and observers (e.g. regulator or other interested parties) may accompany the audit team. They should not influence or interfere with the conduct of the audit. If this cannot be assured, the audit team leader should have the right to refuse observers from taking part in certain audit activities.

6.4.6 Identifying audit findings
[No real changes to the text, but best practices and strengths are now included]
Conformity with audit criteria and best practices and strengths, as appropriate, should be summarized to indicate locations, functions or processes that were audited. If it is included in the audit plan, individual audit findings of conformity, best practices and strengths and their supporting evidence should also be recorded.

6.4.8 Conducting the closing meeting
[Unchanged text but the following paragraphs have been added]
If defined in the management system or by agreement with the audit client, the participants should agree on the time frame for an action plan to address audit findings. As appropriate, the following should be explained in the closing meeting:
• advising the auditee that the audit evidence collected was based on a sample of the information available
• the method of reporting
• the process of handling of audit findings and possible consequences
• presentation of the audit findings and conclusions in such a manner that they are understood and acknowledged by the auditee's management
• any related post audit activities

6.5.1 Preparing the audit report
[Largely unchanged, but with the following additions]
• A statement on the degree of the conformity to the audit criteria
• A summary covering the audit conclusions and the main audit findings that support them
• Strengths and best practices identified
Note: The audit report may be developed before the closing meeting.
6.6 Completing the audit
[Largely unchanged, with the following additional paragraphs]
The audit is completed when all audit plan activities have been carried out or as otherwise agreed with the audit client. Lessons learned from the audit should be entered into the continual improvement process of the management system of the organization audited.

Chapter 7: Competence and Evaluation of Auditors
7. Competence and evaluation of auditors
This chapter has been completely restructured and new guidance on competence was included. The old table 1 (auditor education/auditor training, work experience, etc.) was removed.
Definition: Competence
Capacity to apply knowledge and skills to achieve intended results
Note: Capacity implies the appropriate application of personal behaviour during the audit process.

7.1 General
[New] Confidence and reliance in the audit process and the ability to achieve its objectives depend on the competence of those individuals who are involved in planning and conducting the audits, including auditors and audit team leaders. The evaluation of auditor competence should be planned, implemented and documented. The evaluation process should include four main steps:
1) Determine the needed competence of the audit personnel (7.2)
2) Establish the evaluation criteria (7.3)
3) Select the appropriate evaluation method (7.4)
4) Conduct the evaluation (7.5)

The outcome of the evaluation process should provide a basis for:
• audit team selection
• determining the need for improved competence
• ongoing performance evaluation of auditors
Auditors should develop, maintain and improve their competence through continual professional development and regular participation in audits (see 7.5 and 7.6).

7.2 Determination of auditor competence
• Knowledge of management system to be audited
• the objectives and extent of the audit programme
• the complexity of the management system to be audited
Competence: personal behaviours (largely unchanged content)
• Ethical
• Open minded
• Diplomatic
• Observant
• Tenacious
• Culturally sensitive
• Collaborative

7.3 Establish the auditor evaluation criteria
The criteria should be qualitative (such as having demonstrated personal behaviours, knowledge or the performance of the skills, in training or in the workplace) and quantitative (such as the years of work experience and education, number of audits conducted, hours of audit training).

7.4 Select the appropriate auditor evaluation method
The evaluation should be conducted using two or more of the following methods:
• Review of records (education, training, employment)
• Feedback (surveys, questionnaires, personal references, testimonials, complaints)
• Personal interview
• Observation (witnessed audits, role playing)
• Testing (oral or written exams, psychometric testing)
• Post-audit review (review of audit report, interview with audit team leader/member, feedback from auditee)

7.5 Conduct the auditor evaluation
The information collected about the person should be compared against the criteria set in chapter 7.2 (Determination of Auditor Competence to Meet Audit Programme). When a person expected to participate in the audit programme does not meet the criteria, additional training, work and/or audit experience, and a subsequent re-evaluation should be performed.

Revision Of ISO 19011 Annexes
Annex A: Illustrative example of discipline-specific knowledge and skills of auditors
• Transportation
• Environmental
• Quality
• Occupational, health and safety
Additional guidance for auditors for planning and conducting audits
• On-Site
• Remote
• Human Interaction
[Very important to understand these Annexes parts]
