BS EN ISO 19011:2011 ncrportingcuigendan Deceber 2011 Guidelines for auditing management systems (ISO 19011:2011) iBS EN ISO 190112011 BRITISH STANDARD National Foreword ‘his Bris Standard is the UK implementation of ENISO 180172011 esuperseds BS EN 50 19011-2002 which i withdraw ‘The UK partipation in ts preparation was entrutesto Teenniat Commitee AUSN, Reson of SO 1901 A lis of organizations represented on thi committee can be ‘tamed on request tots seretay. ‘This publiation doesnot purport to include all the macessay provisions of contract, Uses are respon for Rs orect {pplieavon. (The British Standards nstution 2012 158 978058075246 5 03.120.10; 13070.10 Compliance with a Bets Standard cannot confer irmunity from legal obligations This Brith Standard was published under the authsty ofthe SHandards Pole and Stetegy Corvmitee on 30 November 2017. Amendments/corriganda issued since publication oate "ent affected 31 January 2012 Implementation of CEN correction notice 3D November 2011 endorsemen dates modified intorewordEUROPEAN STANDARD EN ISO 19011 NORME EUROPEENNE, EUROPAISCHE NORM November 2011 res ess209m 13.02030 Supers MISO 1011-2002 Englth Version Guidelines for auditing management systems (ISO 19011:2011) res tin pare sre ce Loe hunger Management 160 Sesoerac ao nr) amy ‘hs Sones Sunder epee Can None ev manera tency nin Be CENCENELEG em eon ti spt be cnr og ie pn ‘Student os nur sudo eeu sy nin pmo sr lope ces ong senso ‘Smart ed on apna wt CE cescrc> haere Cree ero ay CaN member “isp Sadr a tl vm Enh rch, Carma Aaron thao may andar Teeicnecbyecovnmerrtvor bun omer CENT arenes frome 2a re aes Aig Daan, pte, Cat, Cpa, Cte ene, Der. ne, ‘eee ome Be py ea a tg Noy Pn our sotortin Sem Agim tpl ar my ay meee ef Ne ENIG0 OHOBS EN ISO 19011-2011 EN 180 19014:2011 (E) Foreword This doxment (EN {SO 190112011) has been prepared by Technzal Commitee ISO/TC 176 "Qualty Imanegerentané quay assurance’ ‘his Exopean Stndard shal be oven the sas of x raion standard let by pullin ofan Henn {int or by endorsement tener by May 2032, snd conicing aol sands shat be withdraw athe Inte bp May 2092 ‘terion is dawn fo th possily tat some ofthe elemens ofthis document may be the subject of patent ‘ahs. CEN ardor CENELEG] sha nat be Mel etpanibe or tentthng any of al such peer NM ‘This doaumen! supersedes ENISO 190112002 ‘According to the CEN'CENELEC Ileal Regustons, the rina standards organizations ofthe folowing Couriesoe Bound to implements Ewopean Stand Aust, Seigum, Suga, Croan CYPus, Czech Fepube, Denmark Eeena Fnana. Frenes, Grmary, Greece, Hungary, leeang, alan, aly Lat {ian Lambours, Mat, Neferians, Nonwey, Poa Pocuga, Romana, Sovais, Slower, Spat Seder, Swizerland tte United Kingdom, Endorsement notes ‘The ex of 80 19011:2011 hat been approved by CEN as EN ISO 190112011 witut any modtzaton85 EN ISO 19011:201 180 9041:204%(6) Contents Pose Foreword Scope “eam and setniions. Principles of auditing Managing an audit programm oom Sener Estabising the aud programme objectives. Ettabising the suditprogramme ea 52 Inlating the susie ©3. Preparing aut actives 54 Conducting te aut ete neem © Preparing and distbetng the auditreport.— 56 Completing the =u 87 Conducting suit folow-up 1 ovakation of auditor : 12 waiter competence to ful the needs of the audit programme cw—nwnn 3S 3 2 ade evaluation enters 2 Ta prophate autor evaluation method. = 1S Conducting audtor evaluation = 18 Nalntaining and improving auditor compatenes = ‘Annex. (rforatve) Guidance and illustrative examples of daciplie specif knowledge sudo. ‘Annax 8 (eforntive) Adtonl guidance for auditors fo planning and conducting audits 7 Bibliography a“SEN 50 19011:2011 ¥s0 teov1:2011(€) Foreword 150 (he nematon!Cxgerizaton for Standart isa wosdvide federation of nations standard bolas (1sD\member bode). The work of preparing Inertial Slandards ie onal ead out hough ISO {tevncal comitens Each member body invested in 2 subjec for which cnnical comes hax been ‘cablanes has th rh be represented chal coma nena agantzalns, governmental ene ‘an-gvertneia in alan with SO, soak part inthe wor. SO colborates closely withthe nteratonal Elecvetoctnial Grmmisson (EC) onal mate's of elecrotectneal tandaraston Ineraine! Standards ae rated in accordance with theres given nthe ISONEC Diectvs, Part 2. ‘Tw main task of tecnnicalcommitoes Iso prepare International Standards, Daft iterations Standards ‘cepod by the tenia commitees are culated to the momber bedes fr volng. Pubicaon at an Intemational Standard requres approval by atleast 5k othe member bases casing a vale ‘Attn is drawn to the possibilty that some ofthe elemeris of thls docuran may be the "ght 1SO sal nat be hel respansble or wertying any oral such pte i. 150 19011 was prepared by Teces! Commies ISOITC 178, Qualty management and quaty assurance, ‘Suncommuie SC 3, Supporting technologies. “Tas secondeson cancels and replaces theft elon (150 1901-2002), which ha ben technol reve. ‘The main dtflerances compared with he fst etion area fotows subject of patent _— the scopes been broadened rom the austin of quality and envtormanial management yer oD Buating of any management systems, — the relationship between 1S0 18011 and ISONEC 17021 has been cso, — remote st methods an the concept of sk have been tosuce — confdemalty has been add a # new penile of using nd 7 have been reorgeize = sion! inermation hasbeen neues na new Annex, esutlgintheremoval of help boxes: _— tne competence determination and evaluation process ha been strengthened — tatatv examples of diiline- specie knowledge and el have bean need in @ new Annex A: = Adsionl guideline ae avaliable a the folowing website yw isoora/120 studingSEN SO 19011:2011 180 19011:2011(6) Introduction ‘Sine the fret con of this international Standard was pushes in 2002, a numberof new management stem standards Rave been publahes AS a esut, Dae le now s need lo considera broader scope of ‘management sytem audtng, ax wel at proving guidance hat moe gone. in 2006, the 150 comnts fo confomiy assessment (CASCO) developed ISONEC 17021, whch sats out ‘equvements otra party eericaton of management jem and which was base parton thegudeines Contained the ft eon of is Iernaonl Standaa ‘he second eatin of SO/EC 17021, published in 201, was extended fo ransfrm te guidance offre in ‘hs Iniemationl Standard into requment or management system cerfeaton aut. sn this conc that his second edn of th Intrnalonal Standard provides gudanee for ll ses, including smal and Imedimstzed organizstion, and coneervatas on what are conenerly wed “ater suas st pry) Sind suds eonducte by customers on tha suppl” (econa party. While hose imelved in management "System certian aut fll te requirement of SONEC T7O2¥201, hey mig also tnd he guldance ‘hs Iterator Standard set ‘Te relationship between hi econ eon of thi Intemational Standard and \SONEC 1702201 Is shown ates Table 1— Scope ofthis International Standard and lt relatonship with ISONEC 470242011 Trl eng Eneral a Fae regu end snior epee Fer cerieaon (ne sone fogs n BONE 70252091 aust) Somes cla scond pry st “This Internal Standard does not state requrements, bul provides guidance on the managemet ofan {ak programe, onthe planning and condusing an at ef the managerent sytem, at well sn he fompetence and ovahiason ofan eur and an aut ea, Crgantations can operste more than one formal management sysien. To siplty the readaity of tis Irernational Sanaa the angus orm of management sytem te pred, bt the aden can adapt he Implamentaton of the guicence to ha own parc eiuatan TNs ase applies to the use ofpersor and “persone, “auato” and "suds ‘This intematonal Standard is inlended to apply o a broad range of potent users, inudng audios, organizations implementing nanagementsylems, an organlzalonsneedg conduct audtsof management {Sytem fr conractal or equator reasons. Users ofthis inlatonal Standard can, however, apy Dis ‘tidance n developing ta wn aust elated requrements “The gudanoe in thi ntratonal Stand can alo be use forthe purpose ofS dectaratin, and ean be Usaha organzatons lvoled in audtr tavung or personnel erica. ‘The guidance inthis nlerational Standard isntened tobe fee A inated at various pnts inthe tet the vs of hi guidance cn fe depending onthe sie and level of matuty ofan organtzatins management tystem and one nue and compleiy ofthe organization tobe ste, as well os onthe eecves ond ope ofthe aut tobe candles “Ths ntmalonal Standard itzoduces the concept of sk io management systems audting. The eppcach ‘opted rites bah fo the kof he aust process not achivig fe obecbves and to th polenta of te ‘Ud blerlere wih he audtee's aces and processes. does not provide spedtc guidance on the ‘organization risk managemen process, ultecognzes thal ergarczatins can focus aud efron mater of ‘Spniteance tothe manepement astm. (21802011 -At fh moet ¥BS EN 50 19011:2011 IBo teorsa018(e) This Ileana Standard adope the approsch that when two er more management systems of dort ‘cipnes are aused together, ise ermod 2 “ombined au’ Where thee systems are legal io & $ingle management system, ths pinpes and processes of autng are the same as for a combined aus Clause 3 sets ou the key terms and defntions usd inthis itrmatonal Standard. lefts hae been aken ‘a aneure thal todo defeons dont cont wth defeione Used aba lands Claus 4 deserbes he principles on wich suing i based. These pnp cp the usorto understand the ral nature of audting and ey re imprint numderalaning the guidance et uth Causes St Classe § provites guidance on establishing and managing an ut programe, establishing the aud programe etecves, nd costing susting sctes Clause proves guance on panning andconaucing a sao management system Cau 7 provides guidance relating othe competence and evaluation of managemant sytem audtors and ‘Annex A lustraes tne appicaton ofthe guidance In Cause Tt ferent signs ‘Annex 8 provides addon pudancs for audtrs on planning and conducting aust.ce, INTERNATIONAL STANDARD 180 1901tz04H6) Guidelines for auditing management systems 1. Scope “This nterainal Standara provides guidance on suing management systems, eluding the pipes of tuting, managing sn aul proprerme and eondiclng management syiom audits, a wel as guidance on {he ovauaton ef competence of nds ivlve nthe aut process, Inaung the paren manacy the Ite eppleabe tal organizations hat ned to conduct nero external aus of ma hnanage an auat programme. ‘The appleaton of tis nteational Standar ‘onaeraton given to he speife competence, ‘ypes of aust i posible, provided that epoca ed 2. Normative references No normative earences ae ce. This laut enced inode a fll clause umbering Wentcal with tiher 90 managamant sytem senda For the purposes ofthis document, the fokowagtxms and éeiitons apply a sua ‘Sjtematc, infependent and document ‘bjectvely to determin he eater to wn process for obaning alt evidence (@.2) and evatiing it at eritaria (32) are ules NOTE tal ait ston td spay ala conde De aga el fon Den "iomatan re inpevenent ef be manapeer jl ral aud con fr be bal ean gn Secaraton ol contray. many exer perscasl) mamal runaten,epenence canbe domonee y tesco or expense sty eng ated Feed ome and conte! fees Ineren te organo, sch sr curorer ar by het peteons on tee bhal The party eae we cain Independent ws egeaaaions schon epse or hoe prong coeston NOTE When two or mote managenent satan of eaet ac ‘et anata sudo waener te strays comsne sc ty, eee occupa! aa audi eriteria ef pales, procedures or requirements used ae eletence apa which auditevidence 3) compared NOTE Adape tom 80 2000206, dion 38, NOTE 2 _ te auc tris re parting tayo aula reuemens, te tern compen er "or “rolan ae een seg inn aut ing. Cetsozmn- Alas memes qBS EN 50 19011:2011 180 19071220116, aa ‘record, slotement fae or thar information whieh ae relevant tothe sua ent (0.2) anaveiabie {150 s000:200,detniion 3.04) 34 ‘esis of ne evasion ofthe collected aust evidence (3.3) spans audit eltera (2) NOTE! Austnsigsndeae cantar e aononemiy NOTE? Austins can lade he leneaton of ppetunies fer inpronment eas goes precios NOTE Site au faa ae elec rm lapel rather requirments, he au nig i med complane ot as ‘it conclusion Sudcome ofan sui), ae consideration of the aut electives an all aut ings G4) St etent ‘ganization or person equetng an aud 3.) NOTE 1 nthe cae tina aus, he aust cont can ao be he aude (7 ete parson maraping ih aus Drogrenme: Regus eral anita coe fom sores sich ac rgur, conven prey oper len NOTE2 Apes fom 150 66002005, orion 397 doe trganzaton being sted [150 9000-2006, deition 3.9.8) usr ereon whe conduc an audit 2.1) 2s Suit team ‘ne or more autor (3.6 conducting an aut), suppotd ir od by technical experts (3:10) NOTE One autor ofte autvam i sppoiig a he sua ese NOTE2 The austeam may nese cucor-rraing [130 9000-2006, ean 3.8.10) a0 {echnical expert Dereon whe provider speci hnowadgo oF expertise fo the audit team (38) NOTE 1 _Spece mowed range ert experi sa whieh elas tothe ergerzton, he proceso acy be aud, NOTE? Alec eaperdes rele es an ator (ne aust ea 2 01502011 emtBS EN 150 19011:2011 180 19048:201316) [50 8000:2005,defrifon 8.941 obterver Dereon whe accompanies the audit etm (3.9) but does nol aud NOTE An observers not part oft aut tam (26) and dees at tues a meats conde of 6 maton, NOTE? Ancberercen elem eo (0.7, ego cere party whe wivestes te a. an vide Person appointed bythe aulite (27)o assist te aut team (2.2) aa ual programme Sirangement for gt of one of mote audits (3:1) planned fra spec time tame and deced towards 2 Specie purpose ‘tan an boundaries fan aut 2-0 “Tea sua con wal inde» nisin yao, tara it sii 1S0 9000-2005, cefrifon 3.9.13) 26 ui pian ‘escrito ofthe aotites and arangoments fora awe) 1180 9000-200, defniton 3.032) tfc of unetanty on objectives as Competence Silly o apply trowiadge and lls achieve intended resus NOTE Abitympls te arp appiaton oi as ontormity ‘ulnent fa equrement {150 90002008, denon 385) a8 oncontormiy ron lime of requcemant 11S0 9000-2005, definton 3.6.2) S1s0 208 Alaa a85 EN 150 19011-2011 180 ss0%8-201116) an management system *ysem'o esas poly and objectives ano achewe thoes objectives [180 9000:2006, dtntion 3.22} 4 Princip! of auditing -Auting i characterized by elianes ona number of piniples. These pices shou help to make the aud ‘nsfleveandrelabietoolin support of manepement poles and contol, by proving nfrmattan on wich fn organzalion can actin order lo mprove is performance. Adhereneso these pipes is a rere fot preding aul conclusions that are flevant and sulci and for enabing autor, working independently {fom one snahe, 0 rech sngarconlasonain sim eteumstances. The gudance gen In Claus ‘to 7 is based on the si principles cutive below. 2) Integrity: he foundation of professions ‘Autor and he person managing an aud programme shou = perform her work wit honesty, lignes, and esponslty, _— observe and comply wih any appeal egal requirements; demonstrate tek competence while performing her work _— perform the workin an impartial manor remain far and unbiased nal tek deags — be sense o any infuences thet may be exerted on tei goment while carying cut an au 1) Fairpresentation: the obigaton io report ruby and accurately [Aud foiogs, sus conchsions and aut repris shoul rect (nil and securely the aust ‘cies, Siprfesn!oblales encountered during the aut and unressves dering aprens between tte aust eam andthe ates sul be reported. The conmunieaion shou be Wut, czuet, bee, tray, clear nd complete ©) Bus professional cae the applcaon of ligence and judgementin udting [lor should exerae doe care In sezordance wis the ingortance of the tse hay perform andthe Confidence placed in them by he sui sent ana other erste partes. Ar bnpovta actor i ng ‘ou ther work wth due peolssional ae shaving the ably to mak reasones judgerens I ll au 4) Confident: secur of feration [Auditors should exercise sscraion inthe use and protection of rman sequin the couse of ‘hk dais, Au infomation should not be use Ingpprepriatly fr personal gan by te autor or He faust chet, or na manner dtimenial oe legate nsrets he aude. Tis concept indes the proper handing of sensive or conden wfornatn. 19 Independence: the bai for te impart ofthe aus and objectivity of heat contusions Audios shoud be independent ofthe actly belng austed wharover pracicable, and should ina Cases act a manna tht fee from bas and confit of ere Fer ivera au, aude shows be ngependent fom the opeaing managers of te funeton bang audted.Audtors shoul alan 4 180.201 AtanasSEN ISO 1901122017 180 19041:201416) bjectvity throughout te aut process to ensure tha he aud findings an coneluions are based nly For smal organizations may rt be possible for intemal autor o be ful independent of he acty being aes, bt every eon should be made io temove bas and encourage eject 4) Evidence-based approach: theron meted fr reaching reliable and reproduce aul concise ina systeme aude process ‘Aud evidence shouldbe veil, win general be based on samples of he information aval ‘nce an aud is conduced during a fn perod oie and with ite resources. An appropiate Use of fampling shoud be apie, since he le closely relate ote concen tha can be placa Inthe aut encore, 5 Managing an audit programme 5.4. General [An rgarzaion needing lo conduet aut should etalsh an aust propramme tht conus t the ‘eleminaon ofthe eflectveneas ofthe audiee's management system. The aut programme con inelde ode consdering one more management system slancads, conducted ie seperately orn combeao, ‘The top management should ensure thal he aust programme objectives ar established and assign one or Imore competent person o manage the au programme. The ene fan au programme shuld be based (nthe ane and natre ofthe organization being ted a wel aso the nature, tuners, comply ‘nd the level of marty of te management sys Wo be audied. Pry shouldbe gen fo albeaing the aut programme rescuces to aul hose mates of sintcance wihn the management system, Tres tay Ince the key characterises of product qually or Nazar elated lo heath and safe siren frronmental aepecs and econo NOTE Tie conep i conmony known 6 e-bated sng, Th inerntonsl Standort deo et ge hte “The aut programme shous inci lnermation an resources necessary fo oxganize and conduct ts ats ‘Mfetvaly ana eftaenty win he specfled time fem and can also Incldo te folowing = oecves or the ast programme snd indivdual aude — edentiumbertypesiuraonlecatonsschecule of th aus aust programme procosurs; — su tei = aust methods: = selection of ud tame necessary resources, Icing rave and accommodation: — processes for handing confident, information secur, neath snd sal, and athe similar mates. ‘plemertatin of he aust programme shouldbe monitored and masured fo ensue objectives ave been achieved. The aud programme shoud be revewed in ater e Wenty possi improvement Figue #Mustaes the proces Now forthe management ofan aust programm, 21s0 201 -Ar gamed 5BS EN 50 1901122011 Fo te0r1s2011(6) 52 eantening aa proper cbectiee I 53.2 Contre ew penon mare ta ss 5.3.4 erihing nd ovaing wat programe 52. camninng pronase rama 5. daareg att propane scat Sagencrgty ates pent tnt fe 0 mn 542 Salcg be ud naate v0 54. Aang pny oan at torn te teeta aa 5.8 Managing aul page etcone L© — aon __ Peer NOTE 1 Thsfigue Mtns he sppan fhe Plan.Op Check et cee ne etna Stand NOTE? Clewehubetuse nenbeng rele relvart clauses of hs tention Sarda Figure 1 —Process flow forthe management of an audit programme 152. Establishing the audit programme objectives “The opmanagement shoud ensure that he aud programme objectives ae established io drect he planning dnd cont of aus and shad ensure the aud programme fs knelerented elev, Aut programme ‘sbjctnes shuld be consicet wit a support management sytem poy and objectives85 EN ISO 19011:2011 TS0 teott:201116) ‘These objectives canbe based on conslderaton ofthe folowing 2) management pres; ) commercial and other business ites; 2) characterises of processes, products and projects, and any changes other 1) management system rqurements; Joga and contractual requrements and oer requeents to which he orgarizaon i commie, need fr supper evaluation nee and expectations of terested pats, ncn customers 1) aude’: leveof performance, aereectedinhe occurence of ures orincder or customer compl 9) aks tothe uses; resus of previous aus; 1 eveofmatunty fhe ma Jment system blog nates, ramps of aust programme objective inci he folowing: = te conbute othe improvement of management system ands perfomance = ofl external roqiremenis certScation oa management estem standart = to veity contort wih eonactul requirements; = te ottsin and mainiinconidence inthe capably of e super, = te deterine he effectiveness ofthe management system _— lo evahiate the compatity and alent the managerent sytem objectives wah he managemet system poy andthe vert organzatonalebecives, 153. Establishing the audit programme 1524, Roles and responsibilities ef the person man “The person managing he sus programme shoul = extabteh he extent of the aust programme — dent and ealat he Fike fo the aut programme: = extaleh aust responsi _— establish procedures fr aus programmes; = determine necessary resources — neice he implementation of the au programe, nluing the establishment of aud objectives, scope ‘nd ert of he naval aus, deterring aut methods and selecting the aut team and ealalng usr = ensue that appropriate aut programme recrés are managed and maintained, = mont, view and improve the aut programme. 15021 atin 785 EW 150 19011:2011 180 18011-20116) “Te porn managing an aut programme shoud inform th tp management of he contents ofthe aud [pogamme and where necessary requests approval 633 Competence ofthe porson managing the aut programme ‘Ta eran managing he aud programme shoulhave the necessary competence to manage the programme and te aeeclted rats electaly and eset, 26 wal a Knowledge an sis in Ue ftowing seas: — sit pens precedes and method = management system standards and reterence documents = scthtes, products and processes ofthe aust: = applicable egal and oer eurements relevant othe ates and products of he aun; _— customers, suppliers ang eer itersted partes ofthe audio, where appabl ‘Th person managing the aud programme shoul engage in approprise conus professional development ‘chies to maintain the necessary knowledge ard sks to manage Ue au programe. 532. Establishing the extont of ‘The person managing the aust programme should determine he extent of the aud programme, which car ‘rydepending onthe size ang atre ote suse, a wall son ne nate, unetnay, compen she lovlot matty ot, and mates of igrfeancelo, the management system be uated NOTE Incariin caus, depending ona ase sucrose, he ust rogranmne might ony coe nh st samt pret say Cone factors impacting the extent ofa aut programme inde the folowing — the objecve, scope and duration ofeach au and he numberof audits to be conducted cluding aus {olow up, tappebie, = he number, inportance, complety,smsly and locaions ofthe actives to be aude = toee factors intncing the effectiveness ofthe management yom: = appliabie aut eter, uch a planned arrangements fr he lavan managemen standards, lps and ‘Pnractul requis and otarrequrements which the organizations commited — conclusions of previous irate external aus = reais of prevous aud programme reve — language, cut and soca = the concerns ofintersted panes, suchas customer complanisornor-complance wih lgalrequement = sanicantenanges oe au ots operations; _— vainbty oformaton and communication achcleies to support aut acti, n particular house tvemete aust methods (oe Clause Bi): = the occurrence ofinema and extern overs, suchas produc furs, information secu ‘nd ally neler, ciminal acs or envronmetal nee, nesSEN SO 19011-2011 180 f90rt:2011(6) 1534 Identifying and evaluating aud programme rike “Tee ae mary terete associated wih etabishing, implementing, montoing, evwing an inproving ‘nau programme that may affect fhe achievement a fs objetves. Th person hanaging the programme ‘Should consider ese stan development. These risks may be assole wih Ie elowng: — planing 9, faire to set elevant aust eblecves and detemine he extent of he aud programme; = resources, 0g lowing insuteen ime for developing sui programme o conducting an aut, = selection of he aud team, 26 the eam does nol have the clectve competence to conduct aust siesta = inplemantain, eg, netlectvecommuricstion ofthe aus prograname: — records and ter contol, a fluo adequately protect au ecards o demonsate aut programe ‘Hectvenes — montering reviewing and inproving he au programme, 9. neffectve mentoring of all programme ‘comes hing procedures for the sud programme ‘he person managing he audi programm should estabish one or mor recedes, dressing the flowing ss oppcable — planing and echeding ude considering aut programme rks, = ensuring information seeury and confienty = ssscng the competence of usr and aust team esders = telecting appropriate aud teams ang assigning hl roles and esponsies = conducting audits, inusng the use of appropriate camping methods; — conducting sud fotou-up. appteabe: — resorting othe top management on he overall eehevements of the aut programme: = mmltlnng aust programme ecords = monitoring and reviewing the performance and sks, and improving the eflecvenaes of the act 526. dentiying aust programme resources \When identiyng resources for Ine aust programme, the person managing the auik programme should caneer — the financial resources necessary o develop implement, manege ad improve aut aces; = ut methods = tne vatabity of audtors and tecnica! experts having competence appropri othe parca aut programme objectives, = the extent ofthe aut programme and aut programme rks — Woveting tine and cos, accommodation seer audting needs; = the avalabityof intonation and communication technslogies.BS EN Iso 19011:2011 180 t90t1-201116), 5.4 implementing the audit programme ‘The person managing the aust programme shoul implemen! he aut programme by means ofthe folowing — communicating the pettnent parts of the sud programme to relevant pares and informing ther pavoiealy of progress = coordinating and soheduling ava and other sci relevant tote uc programme: = ensuing he slecton of auat teams waht necessary competence; = wovitng necessary resources tothe aud ams; _— ensuring the conduct uss n accordance wi the aut programme and win the agreed tine frame, — ensuring tat aut action are recorded and records are properly managed and mainaned. 5.4.2 Defining the objective and enter for an individual suit Each India! audt should be based on documented au cbecives cope and tea. These should be ‘esned bythe person managing the aust programme and be content wih the overs act programme beaten ‘The au objectives deine what so be accomplished bythe individual aut ard may include the follwing = determination ofthe extent of confrmiy of the management tera em tobe audited, pars of, wth aud _— eteminaton ofthe extent of conformity of eile, process ocedures ofthe management systems and produce with the requcemens ans — valuation of he capaity of the management system to ensure complance wih legal and cotracta Fequremons and over requremens to wich ie organizations corenited = evauanon ote enecweness or ne management em n meeing is species oyectves = denication of ras fr potential improvement of the management system. “The aust cope shouldbe consletert wih the aud programme and aut objectives. tincudes such factor. 22 physical lesion, rpenizationl unis, actus and procestos tbe aud, ac wel the tme peted overed bythe auc ‘The autre reused a8 a reference against whch conformity ie determined and may incude appcabe Dollies, prosecures, sfantards, legal tequrements, management systom requremerts, contact Feuemens, sector codes of conduc or cher planned arrangements Inthe event of any changes fo the aust ebjecves, scope o rere, the aut programme shouldbe modified iecessary. wien two or more management systems off imptnt thal he aus bere progammes i sipnes ae auld ogehe (@ combined au), tis Scope ad eels ae consistent wth ihe coacve of i ralevan aus ” 80.001 esened85 EN 0 19011:2011 180 19041:2071) 543 Selecting the aut methods “Te parson managing the aud programme thou aac and eetrmine the method for effectively conducting an aa, depending en the coined aust ojectves, scape and cir, ‘here two or more acting organizations conduct ok aust af the same austes, the persons managing theaferen aut progrmmes sou agre on he aud method and coir Impeatons fr resourcng and Blsnrng the aud. fan aude operales to or more management systems of diferent dscplnes, combined Sue maybe nud nha aud progranene 5:44 Selecting the aut am members “The pron managing the sui rogram shoul apolnthe members fhe sus tam, cling the eam ‘Anau tam shoul be selected, eking ito acount he competence needed io achieve the obecves of he ‘nail aud within the ded Scope. here oly one aud, the aude should perform at appleable Ses of n a oom leader NOTE Clause 7 cote guisance on dalemiing De canpelce required fr the aut eam members sd rtbes the processes fr svg a tn deciding the see and compostion of he aus tam forte speci aust, consisraon shoul be given to the tolowe 1) the vera competence of the aud sam needed fo achive aul objces, taking ino count aud scope and cies: ) complet ofthe aust and ithe aud is a combined o int ud ©) the aust method hat have been seit 1) legal an canractalequamens a other requremens 1 which he orgaizaton is commie ©) the naed to ensure the independence ofthe aut team members trom the actives tobe audted ano eid ary cot of interest [se prep «in Cue 4 the aba ofthe aut tem members inorac tecvely wih tho represents ofthe autive ano ‘work together, 1) the language of the aul, and the sudte's soil and cuturalchaacorisics, These lasues may be ‘reseed ether bythe autor: owe sks or Ivough he supporto a tecical xp 218 the overall competence of the cet aa, the floning sops shouldbe performed = dencation ofthe knowledge and tile needed to achleve the objectives ofthe aus = telecon ofthe aut team member so that all the necessary knowld sd tam, and slate ae presen the Itatne necessary competence tot cored the sutorsin he ativan, lehrical experts with atonal {competence should be incoed Inne eam Teta expert shoul opera unde the econ of an aut, Dut soul nl ae a8 uae. ‘Audtosn-aring may be ined in the aust team, but shuld partpate under te ection an guidance ofan aadoe ‘Agjustnents tothe se and composon ofthe aut eam may be necessary during the aus. cone, Gers! or competence sue ares, Wsush a slualan aes, t shuld be cussed wah the appropiate Paes (eg aust ear eager the person managing fe aut programe, aul cient of aust) bear any {ustments are made. 90 igure “css sn 1"85 EN SO 1901122011 Iso tsort2011€), 45 Assigning responsibilty for an indi st to the audit fea leader ‘The person managing he aut pogtamme shoul assgn the onsbity for oncting he nla {ban act om leader ‘Te assignment shous be made in sitet tne before the scheduled date ofthe aa inorder o ensure the effective planning of he auc “To-enaue eect cence ofthe indi aus, he folowing ntrmaton shoul e provided othe aud team leader 2) auc objectives: aut eteria and any reference documents ©) sud scope, incung Hentiicatn ofthe organizational and functional us and processes to be aude, 4) aud maods and procedures; ©) composion of haut team: contac ets ofthe axes, he locations, 4) Alocaon of appoprioeresouces to conduc the aut; ats and dcton ofthe aud actives obe conducted 1) nfostionneeded for vausting snd aderesing dented sks othe acieverent ofthe aud objectives. ‘The assignment information shoul lo cover the allowing, as appropcate: = working and oping in ‘bute, or both rage of he auc where tl ferent he ang.age of th aur othe — st report contents and letibutn required bythe au programme: — mati lated conentity and information secuy, required by the aud progamme = any heath and lt equement forthe ators — any security and authorization requiements; any fotowup ctons 9. fom a previous ust, apcable; = coorinton wit other aud acSiites, n the cate of ot ut \inere jit audi conducted its important to each sgreement among the orgrizatons conducting he luda, eloe the suit sommences, onthe specie esponlies af each party, aria with regard the suinorty ofthe tea leader apple othe aud “The person managing he su programme shuld ensure thal he folowing aces are pecormed: _—revaw and approval of aud report, including evaluating he suitably and adequacy of aust fsings: “= revi of rol cause ants andthe effectiveness of corectveacions and preventive ations = atibuon of aust reports tothe lop management and cher relevant pares: = determination ofthe necasy fo any flowp aust 2 se, SSDS AS metBS EN SO 1901122011 180 9014:207416) sud programme records “Tne parton managing te sud programme shoud ensure that aust records are crested, managed and ranisined to demonstrate te Iplemertaton ftv aul programine. Processes shoul be eslolshed To sure tal ay contdenally needs assocoed wih the aut records are adresse. Recorde enous incite the flowing: 5) records related to he aut programme, such 25: — secumeried aut programme cbecves and extent = ose assessing aut programe risks; = revews of he aust programme aflechvenest; 2) record read to each ncvival aut, such 38 aust pans and aut reports: — nonconormty reports = corectve and prevenv action repent — st olow-up reports, appcabe; ©) records relate to aust personnel covering topics such a5 = compatence and perfomance evaluation ofthe sus um members = slecton of aust tes an eam members = maintenance and improvement of competence “Tatoo an ov deta othe records should demonarat hal he abacves fh st progammenave been achieves 55. Monitoring the audit programme ‘The person managing uf programme sould ontrisimplmentaonconidting the ned 12) evaluate conformity wth aust programmes, schedules and aut objectives 2) evaluate the performance othe cut team members ©) evaluate the ait fhe sud teams te iplemente aa plan 4) evaluate feedback rom op management, sudtoes, asters an othe itrested partes ‘ame factor may determine the ned o mod the sud programme, such asthe folowing — dt dings: — semen evel of management syst ofectveness = changes othe cents he audtow's management system: = changes o standards, eps andcontracualrequrements and ther requromentstowhich he rganzston Iecommited, = change of supper, Ctso 200 atte meres 88S EN 160 19011:2011 Iso t9018:2011€), Reviewing and improving the audit programme ‘Te person managing the aul propramne should review he auc programme tosssess whee is objectives hase been achieved. Lessons farmed tom the aust programme review shout be used as puts fr the ‘rll improvement procass or tbe programme ‘Th aut programme review should consider the folowing: 1) ren ad rand om 1) comfermiy with aust programme procedure ©) volving needs and expacatons of itereted partes; aut programme recor ©) seratve or new auding methods 1) etectveness ofthe measure oadsess the ake asecite wih he aus programme: 1 confident and formation scurty ines relating othe at programme ‘Tn person managing he aus programme should eve the overall impemenlaon of ne aul programe, deny sees of mproveren, amend te propane fracessary, and shoud asa = ‘view the conta pofessona development of aude, n accordance wth 4,75 and 7 = report the resus of the eu programme rviow othe top management 6 Performing an audit 61 Generat ‘Ths cluse contains guidance on preparing and conducting aut ache apart of an aud rogram Fare 2 provides an oveew ipa aust aces. The exert 6 whieh he provlon of Ne Suse are Sspatcable depend onthe obechves and scope of he spec at “ 018020 Apt eedBS EN IS0 19011:2011 180 19091:2011(6) 22 aan canoe 9 sen 2 buon ees of Sat ib Ta Pepeg aac 3 eigen ppt br at [32 Parnes [234 erg wet coma 1 Snr espa naire $23 Sean nora sein enn wt 4 commana soy eat seg a prs fn nd tae 3 elec nna mori lsezeceacgesatrepot it { conplong he wast Cee | Wesson be ua NOTE Sobeaue numbering rsa e rebvartsubeuees of h Inraton! Sin re 2— Typleal audit activities 6.2 Initiating the auait ‘When an audi intte, the responsi fr conductag the aud remeins wth the asigned aus sam leader Gee 545) unl the aus completed (see 6.0, “Tointate an aus te stps Figure 2 should be consicred however, he sequence can ater depening on the aus, processes and specie crcumsances of he auc ‘190.201 Ab ge neoes 685 EN Iso 190112011 Iso tecr1:z0116), 622 Estabtshing inal contact withthe autos “Te nal contac wih the aude forthe perfomance ofthe suit can be informal or formal and shuld be ‘mace by he au tam leader The purposes othe iia conc re Ie flowing = cone the author to conduet the aut; = provide infomation on the sult objectives, seope, methods and aul team compesion, incising fecal experts = reqvst accor fo relavan documents and rear fr planing pupae — determine sppcble legal and contractulrequrements and oer requirements eleva othe ats and products ofthe aves, = confirm the agreement with the aude rgaring the exe of the discloure and the Westnen! of onfsetaliomaton: = ake arangemens forthe aut inchag shedng the dates = determine any location specie regents for secese, secur, heath and safely other, — soyee onthe atendance of observers andthe need for gules forthe au tam; = determine any ates ofntrest or concern he aude In reltion othe specie aut, {623 Determning the feasibity ofthe suet ‘Tefen fhe auc house determine oprovide reasonable confidence hat he aud objectives can ‘The determination of feasbty shoul ake it consideration such factors a the avlabily of the flowing = tulfleent and appropiate loemation fr planning and conducting the aust; —_sdequat cooperation fom the aude: etme and resources fr conducting the at alee 634. Performing document review in preparation forthe audit “Ta evant management system documentation ofthe susie should be reviewed in ode = gather nfrmatonto prepare sud actvies and applicable work documents 208.34,6..enprocestes, finatons, = etabish an overview of the extent fhe system documenation to detec possible gaps. NOTE Guldnce anh gefrm a document eves provided in Cause 2. “Te documentation shoud incu, 26 apcable, management sysem documents and ecards, a¢ wel 35 previous aust reports The documant eve shoul ak na azzoun he se, Rare and eampienty of he utes management sytem and orgrizatn, andthe aus bjectves nd scope 6 2150201185 EN Iso 19011:2011 180 19041:2011) 63.2 Preparing the att plan 163.24 The aud team ener should prepare an aud plan based onthe information contained nthe aud programma andi he Socrmentaion proved by te suas The aud psn shoul cose te elect othe uaa onthe audine'sprocesus ad prove he bai forthe sgrexmant among the Sut cen. st {eam andthe aude egarng tne conduct of he aud. Th pan should flat heeft Schedulng ond ‘oration ofthe aust aces norer Wo achieve ie obecives eles}, ‘The amount of etal provided in he aust pan shoul eet he scope an complesty fhe aus, a wall 3s the effect of uncertaty on acheung the aud objectives. in preparing he aud pian te aut eam fader shoud be aware of ho flowing = the appropriate samping techniques (e8e Clause 8.3) = ne campostion ofthe aust am and it collective competence: = therisks te ogsnaton created by the a For example, iss to he orgerizaton may rsul om the presence of the aut eam members inluencing heath and sally, endronmart and qualy, and the presence presening teats to te autow’s products, ees, pereonnlorifasrucure (e.g, contamination ean room fates, For combined audit, paca sttenlon shoud be gen othe Interactions batwoen operational processes nd the competing ojectnes and pores ofthe seen mansgemen stem, 6.3.22 The sale and content ofthe au plan may dif, for example, between nal and subsequent aus ‘Sewell as between toma and enteral aud. The aul an shouldbe stir fxd port changes ‘ie can Become necessary asthe sul acvies progess “Te aud plan should ever reference the flowing 1) the aud objects; 1) the aud scope, citing idenication of he orgtiaional ad unchonal unt, ae wells processes ta ©) the aud crore end ary reference documents the tcains, dale, expected Une nd duration of aud aves tobe conducted, inching meetings ‘nt sutoe's management 1) the ust methods ta be ured, incising the exer fo which aust sampling is needed fo obian son tt vidoe an the ceslgn of he sain ls, apical 1) theroles ae exponsiies of the aust eam members, as wol as guides and observers 4) the allocation ot appropriate retouress occa areas oft ‘The aut plan may sea cover the fotowng, 2 appropiate: — ‘enttcaton of te austen’ rpreseiatve forthe aud; — the working and reporting language of th the sues or both ut wheres is dterent fom the langusge of he audio or = the aut opr topes: ‘rangement, ining specie arangements fr the locaton to be = any specie measures tbe taken toads the ofc of uncertany on achieving the aut objectives = matters elated to contdentakty ard nfermaton secur, (2100 2011-Aie mee @25 EN 50 19011:2011 Iso 19098-20116), — any otow-up scons rom a previous au _— any fotow-up aces tothe planned aut; — ceorsination with other aut aces, incase of a lt aud. ‘Te eu plan may be reviewed and accepted by tne aud cert, and shuld bepress he aude Ay bjectons by tne auto the su lan shouldbe resolved been the aut town ‘he aula. 623. Assigning work the aust tam ‘The aud eam leader, consutaton wih he sus teamn, should satign to each team mabe esponsbity for auding specie processes, atic, funcons of locallons, Such assinrents shoul tak no account IRelndopendence and competence ofaudtors and he efecive use of erouces, ot well as deen les id ‘esponeaties of audtore, audlrsn-vaning ard tehneal experts. ‘Aut team brietngs should bo ald, 28 appropri, by the au team leader inorder to afocate work ‘ssignmnts and decide porsbie changes, Changes fo the work assignments canbe made as he Sut ‘rogesses in ede lo encore the ehlovrnt fo aust objectives. 6.34. Preparing work documents “The audt team members shoul clet and revew he lormation relevant ther aust assignments and Prepare work documents, 26 necessary fo feranice and or recordng aust evidence. Such wrk documents mayne he folowing = chest: = sult sampling plans — form or recording information, euch a8 supporting evdencs, aus range and cords of meetings ‘The use of chacla and forms shoul nt resi the exert of aut actives, whic can change asa result finforaton elected ding the Sud NOTE Guidance on pepsi wrk document glenn Clause BA ‘Work decuments, nung records resulting om Der se, should be retained atest unt ait completion, trae speed nthe auetpon.Reteton of documents after aut compton fe described in 68. Those document voting conden or poprilaryinermaton thas be sabi sategarSed a al ies bythe ‘tustteam members. 641 General Aud acts are normaly conducted in a dened sequence as ineatedin Figure 2 This sequence may be ‘ede st the eveumstonces of pect auds, 6:42 Conducting the opening meeting ‘The pupese ofthe opening meting 8) conf the apreement of al partes sue, aut ea) tothe a plan >) noduce the aust team: ena tha al panned uct sts can be performed 60211 - Ares85 EN ISO 19013:2011 180 19041:2071(6) ‘An opening meeting shoul be hele wt he aucste's management and, where appropiate, these esponsile {or tne tnetons or processes to be audted,Ourng the meeting, an oppertoy lo ack ueatons shoul be provides, “The degree of deta shou be consistent wih the onary of he auc wih tho aut process In many inrances eg intemal aus neal organiza, the opening meeing may spl cons of communiosing that en aud being condtes and expaing the nature of he sua For cher aud stuaions,the meeting may be formal and records of atencance should beep. The meeting ‘hau be chaired by the sud tam leader andthe folowing dems shu be cenldted = approprice — lnvoduetin ofthe partlpats, including observers ané gules, and an cutine of the oles — confirmation o heart ebecves, scope and cra = confmaton of he a pln ae the relevant arrangements wi the au, such asthe dale and ine forthe closing mate, any ierin mesings between he aust am andthe auleesmanagerent a ary ate changes = presentation ofthe rethods tobe used lo conduc the aut, neudng sein he aes that the sus ‘idence wile bast ona sample of Ue Iformaton eval; _— srodueton athe mathods to manages tthe organization which may osu fom he presence of the = confirmation forms communizaion channels Blween = contemation othe tnguage 9 be usd ding the aud; = confirmation hs, ung the at, the aude wil be hep informed of ut progress = contematon thet theresources and facies needed by the au eam ae avaiable; = confmaton of mates relating to confidently and irformation secu _— contmaton of relevant heath and safety, emergency and secu procedures forthe au — ‘formation on the method of porting aut fangs ncung aradig ay: = formation abou condons under which the ast may be terminate = inlormaton sbout i slesng meeting — Information about hw te deal with possible ngs during the aut: = lormaton about ay sysam fo feedback om te audiee on the Fings or concisions ofthe aud, Ineuaing complaints apeat 54.3 Performing ‘The auto's slovan documentation should be evowed a: = determine he contrnay ofthe system 2 fa a5 documented, wih aut exer athe inermation supporto aut acts, ament review while conducting the audit NOTE Guides an hw pie document eve proved Cure B2 “The review may be combined wth he oer su actules and may cannuetroughoutine alt, povng tise not detente heefecveness ofthe conduct ofthe aut. adequate dacumentahn cannot be proudewihln the ne tame oven Inthe aud lan, the aust ea Tender should inform bot the person managing he aud propre a he autoe. Depending onthe aust Ico 201A rm *85 EN 150 19011:2011 Iso 49041-20146), bjctes and scope, a decison sould be made as to whether the au shoul be continued ot suspended ‘ti docimentaioncorcame re resolved 6.44 Communicating during the aud During the aut, maybe necessary to make formal arrangements fr communication win the at te, 135 wo as wih he aude, the aust cent and potealy wit) esteral bodes (eg, regulator), especially “there legal reqernents requ the manasory poring of non-compllanc, “The aust am shout confer periodical fo exchange information, ass au progress, and reassign work ‘between the au fam member, a needes During the aud, the aut fem leader shold perioialycommunicale the progress of he alt ard any ‘concerns to he noes and ast cet, a appropiate. Evdenoe catered during he ut that suggests 37 Inmate snd slgicant ick othe sui shouldbe reported without lao the aude ands appropriate, 10 the au clenk Any concern about an isave ouside the aut scopa shouldbe nled and reported to he ‘ud team leader, or subi communtaton tothe aud lent and au ‘ere the avaliable aut avdence indcaas that he aut objectives are unatsnable the aut tam laser ‘shoud vapor the fearon othe aut clan anc the sree fo det'mine appropriate scion Such econ may Inehidereconrmation of modeaton of the aus len, changes to te aud objectives ave Scope, OF ‘teminalon of te sc, ‘Any nee for changes othe aul pan which may become apparent as ausing actives progres should be ‘evowed and approved, ae epproprateby both the person managing he sud programme and he aude 845. Assigning roles a Guides and observers (29, puter or alher interested parties) may accompany hs ‘otiunce or rfre wth he conduct fb sua, It enol be aseured he aut team ieder shes Fave the ig oder ebservers rom lain part im cetaln aud acti, Focobceres, any obigaton in lalon heath and sty, secury and confientity shoul be manag betwoun be audio! andthe sate, Guides, appined bythe auto, should asi the au eam and act onthe request of he aust tear ede, ‘Tht responsbibes should include the flowing 2) assiting te ude a Kenttyng Incvsal to parkcpate in itersows and conuming ing 1b) arranging acess to speci locations ofthe autos 6) enerng that ues concering locaton easly and eecury procadures ae own and respected bythe Sd oum members and observers ‘The toe the gulde may als inl the folowing _— winessng the aust on beta of te aude; — proviso eateaton or assign cotectng information. 648. Collecting and vertying information uring te aude, nfrmaton relevant the ast objectives, cape and tel, ning infermation lange Inertsces between tnctons, aches end processes, hav be cllctod by means of appropriate sarang ‘nd shouldbe vefied.Onyniormaton hal verifiable shou be sosopled ae aut evisence. Aud evdence dng fo aut ndings shou be recoded. during the calacton ot evidence he ut eam becomes [Sarto ey new or changod coumstances risk, hese shoud be adtested by te lem acco. NOTE Gudence onzorping enn Cause 3. Figure provides an overw of the proces, om electing infomation 1 reaching aut concuions. 2 bts0201 perenneBs EN ISO 19018-2011 180 19041220441) te Gace mn tet eg nai Figure 3— Overview ofthe process of collecting and verifying information Methods of cecing information ictde the otowing = tervens; = obeervatins: = revow of documents, including recess. NOTE 2 Guiance on owes otzvomaton gen Cute 8. NOTES Gulfince on iting he adie eaten penn Cause 88 NOTE 4 Guldece on how condit nervows shonin Cause BY. 647 Generating a ‘Audit evidence shouldbe evaluated agains he aust ier In orcerto dete au ings. Aud rings ‘nese onformty er noncenormay wih aa cite, When specie by the aul plan, dial aust findgs should include conforma and good pastes slang wih he suppring evidence, opportu for ‘mprovemenl and any recommendations fo the sue. Nonconformiles and thelr supporing aust evidence shoud be recorded. Nonconformbes may be grade “Tey shoud be revewed with be audtee In order fo obtain acknowledgement thatthe tush evince cata, and hale noncorformies ae underteos. Every atempl shell be made a ecave ary dverang ‘Spinions coneeming he aul ewdence or frangs, and uceslved pois shoul be recorded. “The aud team should meel ae needed even the aus range at appropiate ages ding he aust NOTE Aston uence on he nication and luton fase nse gen Clase 8, (18001 -AE apts memes a180 190%1-2011(6) 643. Proparing audit conclusions ‘The at team shout confer roto the sing meeting inorder: 8) review the at fedings, and any ther appropriate Infomation coteced dung the aust, apanst the saa ejects, agro onthe aust consis akg ito account he unerany inherent ine aut process ©) prepare recommendations pected by the aud plan 4) dscuss aud fotow-up, as appicabe. ‘ut conctusions can addess issues such a he ollowing — te extent of conormty wih he aust riers and robustness ofthe management system, feuding the ‘Meclvenets of bie management system in mesing the sated oboctves, — te fective implementation, maintenance and improvement ofthe management system: = Me capabity of the management revlew process to ensure the continuing sutaiy, adequacy, ‘ecvenass and improvement o the management yaar _— stevement of aut objecties, coverage of aud scope, and ffiment of aud tera, = ot causes of findings, tinted in the aust plan — sia trains made in deren areas hat were aud forthe purpose of ering ten. specie by he aud plan, audtconcuslons can les to recommendations for improvemet, or future sung sees, 648 Conducting te closing meeting ‘closing meeting, flied bythe aust team leader, should be hel fo presint the aust Sings nd oncisen, Paripans inthe losing meeting shoul iclude he management the aude ana, where ‘ype, those response fr the uncon or processes which have been aude, and may also cle ‘he anc chet and oer pares applicable, Ihe oud team leader shoul advee the aude of stuaons trecuntered dung the aud nat may decrease the conience thal canbe pacedin the auc concen ‘inndin tne management yttam of by agreement win he sud cnt, the parbparts should agree onthe time tame for an aton plan oaderess a cigs. “The cogtes of deta shou be constr wth he fanart of he uci wi th aut process. Fer some uaistustone the masing may be formal and miles, nd records Of standance, should be hap In stherinaanees, eral aus, the dosing maeing\s les formel and may const sla of communicating {he aa ain and aut coneition. As arropit, he flowing shuld be explained othe aude inthe cosng meding _— ting that he auc evidence cotected was bazed ona sample of he lomaton aval; =e mao of eperig, = ne process ot hain o aus frngs and possible consequences — resentation ofthe aut frings and conclisons in such a manner tht they are understood and teknowledged bythe audiees management, — snyralatedpost sud actives (¢., nplemertaon of corretve scons, audtcomplaint handing, ppe process) ‘Any dverang opinion rearing the aust ning oF concisions between the aut team and the aucoe haut be dscused and possible, resolved ot rsclve, hs shoud be recoded.SEN ISO 19011-2011 180 19011:2014) 1 spaced bythe aul objectives, recommendations for Improvements may be prsented. should be timphasized tht recommendation se net nding 8.5. Preparing and distributing the audit report 6.541 Proparing the aut report ‘The aut am leer Should report te aus resus in accotance wih the aul pregame procedures “Th auc epor shoud provide complete, accurate, oneve an clear recrdf the aul and shoulinclude eter to te okowing 2) the aud object 1b) the aust scope pricey entiation ofthe organizational and functional unser processes aude ©) Idencason of th aust fet; 9. Ienicaton of team ane aude’ partlparis inthe au; ©) the dates ad locaton where the auc actives were conducted: 1 the aust teas the aud forge ard oats evidence; ot at conetsire, 1) statement onthe degree to which the aul exter have been fue, “The aud report can sis noid orrefr tothe folowing, as appropiate: = the sus pln inlng time schedule = seummary of he au process, ncn any obstacles encountered hat may decease the = confirmation that he aut obecives nave been achieved within te aul scope accordance with he ‘ut ple, any areas witin tne aul scope ot covered, — summary covering he aud eonetisons the main au ngs that suppor ther — any unresoived dveging options between the auc team andthe ase = opportanties or imoevemen spacied inthe aust plant = 9008 practices iri = agreed oow-up acon plans, fay —setaemant of he conde nati of he contents _— ary impeatons forte aust progranen or subsequent suds = the bun at the aud ep. NOTE The sustrapar canbe developed blr he cosng meeting 165.2 Distributing the aust report ‘The aut report shouldbe issued within an ogre perod of tne. Ris dlaye, the reasons should be communicated obi aude and the person managing the aus progranme, tsa -Alapeememed 285 EN ISO 1901122011 Fso ss0rt20116) ‘ne audtrpo shout cle evened nd apps aap, nacre wha panne ‘The aust report shoud then be dstbuted tothe recipies as defined nthe auc procedures or aud pan 68. Completing the auait “The audits complated when a planed aust atvtis have been cared ou ofa otherwise agroed wi the uci cient (ag here might bean inexpected ston Ua preven the aud being completed aecorng fo ‘re pl Documents perahing to the aust should be retin of desvoyed by apreerent between the palpating bares and in accordance wth a programme procedures and sppable reuters Unless equ by lw, the auc team ad he person managing the al programme sho nt dscose the ‘contri of doeumants ary eter inrmation elaine aun re ua ortho au ep, 0 ay or party ‘ethout the expe approval of be aud cfot ana whe appropri, the approval! he audee.fscsure ‘tthe conan fan aut docu Yequee, the aud clot and sues shoud be formed 3 soon 35 Lessons lesed fom the aul should be ener int the conus Inpovement proces ofthe management fst of the aude eganzatons 87 Conducting audit followup ‘The concusone ofthe sua oan, depending on the aust cbjecves, indicate the need for oxrectons, {or carrectve,prverne or improve auton, Such alone ave ual declded ad undertaken Oy the ‘ote wit an apfeedUnerame. As appropri, the scien shel feep the person managing the aut Programe and ine aud am informed othe tale of hese scons. “The completion a etecvanees ofthese actons shoud be vere, This vaifcation may be part of suosquer: aud 7 Competence and evaluation of auditors. TA. General Cconience inthe aud process and he aby o achive te objecves depends on he competence of ha Indie who ae volves in Banning and conaucing aude, mdudng audes anc aut tam leaders ‘Competence shoud be evita though a process hal eansses personal behaviour andthe ably o app the knowledge ana sil gained ough education, wrk experiance, ausor ating and audit experience. ‘Thi procets shuld ak na consideration the needs othe aust programe and is ebecves, Same fhe nowledge and stile descrbedn 723 af common to auaiors of any management system depne cers ‘especie to ndvduel management system dcpnes. Rie rt necessary foreach auto te au ten {ora the same competence, however the overall competence of he aud eam needs tobe sufient t eevee aust cjctves, ‘Ta evauton of aor competence shouldbe planned, Implemented and documeried in accordance with the audt programme, induding ts procedures to provide an cuore tals ebectve, consistent ar and ‘albo, Th evaluation proces should ude four mah sep, as flows: 2) determine he competence of aut personnal fll he need ofthe aust programme; 2) sate the evaluation eters ©) asic the appropiate evaluation method 4) conduct he evaluation 2% 80201 -Aremee85 EN Is0 19011-2011 180 19048:2091(6) ‘The oucome of the evluton process shoud pro a bai forthe flowing: = selection of ust tom members as described nS. determining the neo for improved competence (2g. adtona ring): — ongoing perfomance evatation of audtors, ustors shoud develop, mania and inpove fee compelence ough continua pretessional development ‘nd regu partaionn aude (08 78, | process for evuaing eutors and aut team leaders i desced in 74 and 7. ‘Audios and ait eam leaders should be evised agains the ortera et outin 722 and 7.2.3, ‘Te competence required ofthe person managing te aus programme is descrbedin 63.2. 7.2 Determining auditor competence to full the needs of the audit programme 124. General lncecding the appropiate knowedge ane! skis requ a he autor the elowing shou be consaeed: = the size, nature a complenty fhe organization tobe aud ude the objectives and extent fhe aut programe — tho management eytem dips to = ther requirments, such a those pose by enteral bodes, where appropiate: — the roe ofthe aut process in the management sysiom ofthe aude = Ine complenty oft management system to be aude; _— the uncertain achieving aut objectives ‘This formation shoud be matched agains tha sted in 72:32, 72.3.8 and 72.34 122 Personal behaviour [Aufiors should possess the necessary quale to enable them to actin accordance withthe pinpos of ‘osting a descrbed In Clause 4 Audlors shoud exhib preessoral behavout dung the performance of ‘ust acts, Incusing Being = tial Le fa, ru, sincere, honest and ces; — open-minded. wing to consider aerate ide = dipematig, eatin eating wath people: pols of iw percept, a, ae of and abet under — vette, eb to oadly adept ferent uations; — tenacious, e. prssten and focused on acleuing objectives = decisive able to reach timely concusons based on logical reasoning and analysis; = seteosan ete at and function independently whi! iterating eflecvely wi thers 2160 2011-Atpes ees 2Botsonaomey ‘ting wih foe, Labi fo et esponsly and etialy, eventhough these acons may not always be populer andmay somtimes rest nciagreement confrontation ‘open impronment ie wing lean rom stulons, and sting for beter aus rests curly sense, le. observant and respect tothe culture of te auctee; colaboratve, ie effectively intratng wit cher, incudng aud eam members andthe audte's personnel 7.23 Knowledge and sit 1.234 Genera [Audiors shoud porsess the knowledge and sklle necessary to achieve the intended rsute ofthe aust ‘ney ae expected perorm. Al auors shoud possess gene knowledge and sls and shoul ls be ‘xpeced i possess some sscple ad sect specc Knowledge and els. Aud team leaders should have the actions! knowledge a ile nacastry fo prose leadeahpt the aut ear 7232 Genetic mowledge and sil of ma jrment syste auditors ‘Autos shoul hve knowledge and shi Inthe areas cuted below. a » Conducledin consi and eylematc manner AM aude shoud be abl odo the flowing —sppy aust pipes, procedures and methods: — plan and crane the work terval = conducts suit within the agree tine schedule — prlotize end focus on mates of signifeance: = coletintrmaton though efectve Iteriewing,Isening, observing and reviewing document, ‘records aed dala = understae and conde the experts epnons _— understand the appropsleness and consequences fusing sampinglecniques fr audio _— erly ne elevance end weouracy of collected formation: = confrmine sutclency and appropristenes of steven o supper aut dings anéconcutns; = aseoes te factors that may atlet hereby of he aud ndings and concison; = use work Socumans to record aud sete = document aust frcings ad prepare appropiate aud reports _— ainsi ne contidentay and secorty of nfermaton, data, doctments an record: = commana effectively, orally andinwiting ether personaly. of rough the ‘analog: flerretes end —undectard the types of ihe sszocaed with austng Managementeystem and reference documents knowledge and sk inthis area enable the autor to ‘omprehend he aut scope and apply aust ri, and shad ove he allowing management syslem standards o other documents ved as aud erie: 280201 Ag emtSEN ISO 1901122011 180 #9041:2071(6) = the spplation of management system standards by the sudtes and ater organizations, as sppropate — tneracton between the compenens of the management system; — recogining the Nerarchy of eference documents; — application othe reference documents to dent aust sustons ©) Organisational content: nowedge and sks inthis sren enable the autor comprehend he audte's Sthucture, business and maragament pracices, and shoul cover he flowing — organizational ypes, governance, sz, stucture, unctlons and relatonstips — general bsinoss and management concepts, processes and related terminology, nding planing ‘udgeting and management of personne, — cutral and soci specs of he auto. ioablo legal and contracts! requirements and other requirements that apply to the aude: edge end sks nh area enable the auditor o be aware ot and wore wil. the opeizalon’s lejal and cantsoualrequkements:Kroledge and stile spect the ftedaon oft Ne austen’ ‘vibes and products should cover he folowing — wean coglaons anther governing agencies — basi egalteminlony. = contracting and tabi. 11232. Diecipline and sectorepecife knowledge and skis of man [Audlors shout have the spine and sactor-specie knowledge and k {he pricalar ype of management system and set i nl necessary fr each auior nthe aut team to have the same compdence: howe, he eral Compeence ofthe audh team needs 19 be euicien woaohiove the aud objectives The dcipine ane seclorspecitcknowoge and skis of autor ince the folewng: — opine specie management system requrements and principles, and thet eppizaten: — pal requirements clean the ciscipine ad sctr, auch tha the autor aware ofthe equements "ectiethe uredeton andthe aust’ obgatons, alles and produc: — requirements of ineresiod partes relevant tote speci scp; — fundamentals ofthe dip endo application of business and echricaldscpine-specic methods, {esiniqos,pocarses and pratons, suis fo enabie fe ado To amine the management ys nd generis appropiate aa ndings and concusion — Aispine-specitc knowledge cle to the particular sector, nature of operations or workplace being Sided suftcnt forthe audtorta events the eudtees acviles, rocertes, and produce (goods and Serica _— ik management pres, methods and techniques relevant tthe dscipe and sector, such tha he ‘idtor can eve and conrl th ks assoc wi the Su programe, NOTE Gultance and munave erample of dpe specie rowed hh of utr ae proved it 2100201 Attar aSEN 1S0 19011-2011 10 19071:2011(6) 7.23.4. Gener knowles ‘Aust eam leaders should have adonl knowledge and sts o manage and provide leaders tthe aut ‘tam, inorder ecltae the efit and efectve conduct of he aust. An aust ar fader shows Nave he Ioniedge and hs necessary to do the lowing 8) balance he strengths and weaknesseso the indvidal aud am members 1») develop a harmonious working elatontipameng the aus eam members; 6) manage the aut proces, neudng — panning the stand making eetve use of sources dung the auc, managing he uncorinty of achioung ua bjecves: — protetng the neath and safely ofthe aust team members ung the a, ncuding ensuring ampilance ofthe auditors wih he relevant heath safely and secu requremets = organizing and deting he aut am members proving rection and quigance te austorsntaining _— preventing and resolving confess necessary represent te aust team in communion wih te person ma ©) nad the aut team reach the aut conclsions 1) prepare snd complete the aud report. 1.235 Knowledge and sil for auditing management systoms aderessing multiple discipline ‘Autor who inno papate a8 an aud team member in austing management sysems addressing ‘matple sopinerehoud have the cmpslece neceseaty fo aud at east one of he wanagerert sytem ‘deciplines ana an uneretanding of he nscbon ana syargy between the cferet management ston ‘Audt team leaders conducting austs of management sytem. adsesing wuliple dlscpines shoul ‘Gnlerstand the regents ofeach othe management sytem standards and recognize te i tha ‘owledge and sas in each ofthe decpes. 1.24 Achieving auditor competence ‘Auditor knowledge and hile. can be scqules using a combina ofthe folowing: — ‘ermal edsetontisning snd exparone tat conus ote development et knowedge and kl nthe management sytem secpine and sect the austen o aud = ning programmes tht cover generic user knowles = expesionce in areleventechrizal manage or rofesional postion wohing the etree of udgement, ‘decom making, problem aoving and eommaneaton wih manager, prferscal, pes, cuomers Sint other mart partes, _— suit experience acquies undar te supervision of an audtorin the same desing 7.25 Audit tame [Anau ear leader shoul have sequed ational aud experience to develop the knowlege and kis ‘teaibed in. 72.. Ths additonal experince should have been gained by working under the dean and ‘glance of ferent aul ean ado. 2 21502011 Apacs85 EN Is 19011:2011 180 19044:207116) 17.3. Establishing the auditor evaluation criteria ‘The ceteris shoul be qualitative (such #8 having demonsraled persoral behaviour, knowledge othe performance ofthe sis, tang or inte workpacs) and uanlatie (uch a the years of work experience nd ediaton, numberof aude conducted, hous of at kang TA. Selecting the appropriate auditor evaluation method “Th evaluation shouldbe conducted using no or more ofthe method sled fom thatein Table 2. In uing “Table 2h allowing shouts be noted _— the maths cutined representa range of pions and may nol aply nal shuatons; — the vrious methods auined may die a hl reiabiy, — 2 combination of methods shouldbe used to ensure an outcome tha! is objective, consist, a and ‘elute Table 2— Possible evaluation methods Trauaton method] oe oT FRevew econ ~~) Tovey a taogrunaol i aster | Dnajenat eee of aeenlon, ain, 7 scdtenernce| Fessbeck a pade Womston abou how ha | Survey queseraaven, paral Pcrmatadibe snare pared | iveran eon ona, iri Fissainia pesralboheiourand | Peron avons eaemareco ste very fomatn fclestinoagje sats seq a L ntmaton ‘Obenaion Te eauat Toe png Wines at, ov RD iy ope wage an evar sng To evka prone bebavow and | Ora and writen ae, oye roving od cils end optcaton | etry Pestauatvevew |e prone toratn one acer | Rew ih sa ep, ervaws wih Patarmance drng ne ses aces, leo aco he ea er nd ena renin ana weaknesses 75. Conducting auditor evaluation ‘xpected fo ptt nthe aud programe des roll the cri, than adational ating, work or 20d ‘experience should te undertaken anda subsequent re-evauabon shoud be perormed 7.8 Maintaining and improving auditor competence ‘Austors an aud eam leaders shoud continual improve sr compeience. Adors shoud mana the ‘suating competence trough regular pereipalon in managome't sytem aut end contual professionel developmert Cortrual prtesinal development ves the maintenance and imporemen of competence. “hia may be acuoed through meane such ae adonal work expeence ang, pvate vd, coschng attendance a reetngs, seminars and conterences or ae evant ates ‘The peron managh the audt programme should establish suitable mechanisms fre continual evaluation ofthe perfomancoo! the audor, and aud team leaders 0 tA ened 2BS EN 150 1901122011 Iso t9011:201116) ‘The conualpoessons development ectvles shoul tke into account he folowing = changas inthe need of te inca andthe orgarzaion cesposibie othe cond! fhe aus; = the practice of uatng: — televant standards and other queen 0 fs 201 ) onto atv ald any unnecessary dsurbance of the operational procetss = ensure hat ne aus tar using PPE prope — sure emergency proceres ae communi 2g. emergeney eis, assembly point) — schedule corsmunication o minimize ruption: = ndnpt sae ofthe aut tam and the number of guides and observers secordance withthe aud ‘cope oder to evo ierteence wih the operaional processes a faa praccabe, = do not Louch or maripuste any equipment, unless explily pemiid, even when competent or Tense, = amine ooeur during he on-site st, te aut eam leader shoulérevew tha stuation wth the ‘soe and necessary. with he aud clon and reach agreerant on wheter Ue a shold be ered rescheduled or cone = taking photograph or video male tk for suhoteaton ftom wanagement in advance and fonsider secur and confidenay matars nd vod taking photoaphs of incviual persons snout tne permission — Waking copes of documents of any kind, ask for permission in advance and consider confentaty nd secur mates = whan taking notes, esi clecting personal information unless roquite by the aud objctives‘or ut rer, B7_ Conducting intorviows Irueviews are one ofthe ingrtant means of eolecing ifomation and shoul be cared out in a manar ‘ample othe suaton andthe person interviewed, eld! lace face or aoe meen of cortmanialion Hose the aur shoul consider be lowing _— interviews shoul be helt wih person tom appropriate levels ad function perorming alias oasks Win te au scope: — ‘erviows shoud normaly be condited ding normal woking hours and, vhere prac atthe nara \wokolce of he person being interview, 150211 - eps a85 EN SO 19011:2011 IS0 t90tt:2016), = attempt to pute parton ting infervawed a ase pir oan xing he interview hing shoud be explained — ‘terse may Be nate by asking the persons to describ hele work, = the reason forthe inervow and ay note — caret seecon ofthe ye of uesion used (eg, open, ose, leasing questions) _— the rests om he review shoud be summarized andrevewed withthe interviewed person = the inerviewod persons shoul be thanked fr hi patpation ae cooperation, 5.8 Audit findings Determining auatt rnaings ‘ven Soermiing aud facings, the folowing shou be considered = telow-up of previous aus records and eonchisons —reuirements of aut cet = rings exceeding norma practic, or opportune er provement = sample size — torzaton (any ofthe aust tangs; 2 Recording conformites For cords of corfrmiy, the folowing shouldbe considered = enttcaton ote auat cteria agers which conor shows rt vance to suppor conten = declraton of conformity, applicable 8.83 Recording nonconformities Forrezrde of oneontomay, the allowing shou be consicerd = desetpion of rfornce to aust rte = noncontority declaration = att edence — rated aus hangs, appicabe 8.8.4 Dealing with ndings related to multiple criteria During an aud, ts possible to Kently tgs related to utile criteria. Whore an aude isenfes 3 “ining inked fo on earn en 2 combined mic, the ausor shoud conser the poustle impact on he ‘Cerespanang or amar ere oftme oer manager tees Depending on he aangements wih he aut cnt, the ausior may rake ether: — separate tag or ech crtrion oF = sil ning, combining he references to mpl ereria a e100 greeneBS ENISO 19011:2011 180 19071:2011) those nang, (1902011- A ats mad 4“BS EN 0 19011:2011 Iso t90r8:2011€) o a o “ 6 m @ 09) om 2) 13) 4) 3) 8 m 0a) 8) eo) en 2) ea) liography $0 2850-4, Sampling procadurs for inspection by atibuls — Part ¢ Procedure for assessment of cared quay els 'S0 8000-2005, Quality management systems — Fundamentals and vocabulary 180 8001, Quaty management systems — Requirements 150 14003, Envranmental managemant systems — Requirements wih guide for use 150 1400, Emironmenta management — Vocabulry ISONEC 170212011, Conommiy essesament — Requirements for bodies proving sud and Ccatcaton of management systoms 'SONEC 20000-, infomation technology — Service management — Fart 1: Service management {ys requirements 180 22000, Fou safety management systems — Requremants or any crpantzetion a tbo food hain ISoNEC 27000, nfomaon technology — Securty techniques — Infmaton secur management "yloms — Overvow and vocabulary ISON 2700, Ifamaton technology — Secury techniques — Information securly management systems — Reguramante SOC 27002, infomation technology — Secu tectiques — Code of pace for information ‘secury management ISONEC 27008, Information technology — Secunty techniques — Inermationsecury mansgemant ‘stom implemontaton guidance |S0NEC 2700, vormton technology — Securty techniques — Information seculy management — Maesurement | SOHC 27005, formation ecnelogy—Securty techniques — formation secu sk management 180 28000, Specieaion for security management systems forthe supply chain 180 30501, lfoomation and documentation — Management sytem for records — Requirements 180 31000, isk management — Panes and guidelines 180.2900, Road rate safety (RTS) management eyslome — Requtament with guidance fr use 180 50001, Enasy management systems — Requirements with guiterce for use 180 Guide 732008, Risk management— Vocabulary CO}SAS 18001-2007, Occupations heath and afty management systoms — Requirements 160 9001 __Audiing —_—Pracons «Group papers. avalable at ‘lea ait DRASOMNNTAMinaPratcasSeaun 180 soo satonal tuideines? sale * eri oraeDtTauiog 4) Tobe pubes 2) Unerppaon, 4‘henner alt hank. celbeatey eft baneBritish Standards Institution (BSI) (oer en aA Revisions [ech ety dnt on ef en in Se ‘te epee ey fhe noe ade ton ‘uot szaroncay sveibe we ebomro aneonh ‘ohne es oe DESH TON int otetaoun see Buying standards niet ay ohne embigeenconier Ottretqa Bleeneseces a stems err oxo orn se nme tc te SS Bs croup Headquartars raising standards worldwide™ eee ogee) sue stands ion on standards scvreagrts ood Coe Beton enone song hens nappa ae Semi ie ctana toe snake bet ‘eet 0 ea 0 fa set oe et Cet etienneancpeonne Copyright Siete ose Spee ene. Be Sipe ienginaer Enacetecrupcom