Management System Auditing
- What is a management system audit?
- What are the requirements for conducting management system audits?
- Why should I use 19011:2011?
- Where can I find more information about management system auditing?
What do all assessments have in common?
They compare a set of collected information against some established criteria.
What is a Management System Audit?A management system audit is a specific type of assessment.
ISO 19011 defines a management system audit as follows:
“Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” (ISO 19011:2011 3.1)
What makes a management system audit different from other types of assessments?
Three things -
- It must be systematic.
- It must be independent.
- It must be documented.
Management systems are all about controlling processes – including the processes of the management system. In order to conduct management system audits, you need audit procedures AND an audit program.
Management system audits must be independent.
Auditors can NOT audit their own work. Audits need to be structured so they are free from bias and conflicts of interest.
Management system audits must be documented.
Audits are all about making decisions and taking action – in order for this to be accomplished, they need to be documented.
- The requirements set out in the applicable management system standard being used to establish the management system (e.g. ISO 9001, ISO 14001, OHSAS 18001)
- The “planned arrangements” (processes and procedures) established for the audit program by the organization that is conducting the audit – or having the audit conducted on its behalf.
In both ISO 14001:2004 and OHSAS 18001:2007, this is section 4.5.5 – which is entitled Internal Audit. These requirements include establishing both an audit program and implementing and maintaining audit procedures. ISO 19011 provides additional guidance on how these requirements can be met.
It is a guidance document; it is not a specification standard. It contains suggestions for how to meet the audit requirements that are set out in other management system standards such as ISO 14001 and OHSAS 18001. It is useful for organizations that need to develop their own planned arrangements for conducting effective audits.