Internal Audit Slides

SESSION 9

The Content
SESSION 9: INTRODUCTION TO ISO 19011:2018
Auditing Management Systems ISO 19011: 2018

Principles Framework Processes

PDCA Cycle

• Scope
• Normative reference
• Terms and definitions
• Auditing principles
• Managing audit program
• Performing an audit
• Competence and evaluation of auditors
• Annexure A
• Annexure B

ISO 19011: 2018 Structure
• Scope
• Normative references
• Terms and definitions
• Principles of auditing
• Managing an audit program
• Audit activities
• Competence and evaluation of auditors

Audit
• Audit is a systematic, independent and documented process
• Establishing criteria is one of the important aspects of the audit process
• During the audit process, objective evidence is obtained by the individuals who are managing the audit process or program
• Audit evidence is evaluated objectively against the audit criteria to determine the extent to which the audit criteria are fulfilled

Audit Types
• Internal Audits/First-party Audits
  When an organization prefers to do its own audit, using either its own auditors or external auditors to perform its internal audits
• External Audit/Second-party Audits
  Supplier audits, performed either directly by the organization's auditors or by hiring external auditors
• External Audit/Third-party Audits
  These audits are performed by an independent auditing organization, such as a registrar or regulators

Audit Evidence
• A verifiable document (records, statement of fact or other information) that is qualitatively or quantitatively relevant to the audit criteria
• A pressure test report, NCR, CAR, management review records, customer complaints, customer satisfaction record, data analysis record, metrics
• Is subject to some degree of verification

Audit Criteria
• Audit criteria are established during the audit process
• A set of requirements used as a reference against which the objective evidence is compared
• Auditable standards, company policies, objectives, plans, strategies, structure, system (processes, procedures, practices), legal requirements, technical standards & codes, customer specifications, etc.

Audit Evaluation

• Compare the audit finding with the audit criteria: a decision to ensure that the audit evidence collected against the criteria is correct, and to determine its significance (risk or opportunity, major or minor)

Audit Finding

• The result of the evaluation of the collected audit evidence against the audit criteria is defined as an audit finding
• Examples: established risk or opportunity; management system requirements: conformity or nonconformity; legal requirements: compliance or noncompliance

Audit Outcomes
• The outcomes of an audit after consideration of the audit objectives and all the audit findings
• A set of all the audit findings after consideration of audit objectives
• A review of these findings will determine the suitability, adequacy, effectiveness and efficiency of the management system. This is the auditor's final opinion about the management system, legal requirements, technical requirements, policies, objectives, procedures, good practices or strategies

Audit Team
• Group of auditors
• Group of sector experts/Technical experts/Consultants/Advisors
• Observers (those who only monitor the audit process)
• Guide appointed by the auditee to facilitate auditors during the audit process
• If required for support, a group of sector experts/Technical experts/Consultants/Advisors who work as directed by the audit team leader

Audit Scope
• Width and depth of the audit
• The width of the audit determines the description of the physical location and boundaries where the audit is to be performed, covering organizational units (an organization may have more than one unit)
• The depth of the audit will determine the extent of the audit: how far the auditor has investigated the management system, processes, activities and tasks
• The width and depth of the audit will determine the time period required to complete the audit

Audit Program

• Arrangements for a set of audit(s) planned for a specific timeframe and directed towards specific purposes
• The audit program objectives are determined by the audit client

Audit Plan

• Description, sequence and arrangements of the audit activities, including resources, performance criteria (measurement criteria, evaluation), schedule of activities, and identification of auditors and auditees

Principles of Auditing

• Integrity
• Fair presentation
• Due professional care
• Confidentiality
• Independence if practicable
• Evidence-based approach
• Risk-based approach

ISO 19011: 2018 (Clause 6) Performing an Audit
6.2 Initiating the Audit
6.3 Preparing Audit Activities
6.4 Conducting the Audit Activities
6.5 Preparing and Distributing Audit Report
6.6 Completing the Audit
6.7 Conducting Audit Follow-up

Desired Personality Attributes
SN | Characteristics | Description
1 | Ethical | Fair, honest
2 | Open-minded | Willing to listen to others
3 | Diplomatic | Tactful in dealing with people
4 | Observant | Actively monitoring surroundings
5 | Versatile | Adaptable to different situations
6 | Tenacious | Persistent
7 | Decisive | Reaching conclusions quickly
8 | Self-reliant | Able to function independently (considering practicability)
9 | Acting with fortitude | Acting responsibly
10 | Open to improvement | Willing to learn
11 | Collaborative | Effectively interacting with others

SESSION 10
The Content
Initiating the Audit
Establishing Initial Contact with the Auditee
Responsibility: Lead Auditor
Purpose:
• Initiate communication channels with the auditee's person responsible for the audit
• Confirm the authority to conduct the audit
• Provide information with respect to objectives, scope, methodology and audit team, including technical experts, guides and translators
• Request access to relevant documented information and records for audit planning
• Determine applicable laws and contractual requirements
• Agree with the auditee on the extent of disclosure of documented information and confidentiality issues
• Ask for any specific requirements, areas of concern, access requirements, guides, interpreters and observers
• Determine any areas of interest, concerns or risks to the auditee in relation to a specific audit

Determine Feasibility of the Audit
Responsibility: Lead auditor, to ensure that audit objectives will be achieved
Take into consideration:
• Sufficient and appropriate information is available for planning and conducting the audit
• Adequate cooperation throughout the audit life cycle
• Adequate time to perform the audit
• Availability of adequate resources to perform the audit

Review of Documented Information
Responsibility: Program Manager/Audit Team
Purpose:
To gather information to prepare the audit plan and checklist, and to assess how effectively the MSS has been developed, implemented, monitored and improved
• Documentation relevant to planning
• Procedures
• Documented information like the last audit report, internal audit report, suppliers audit report, management review report, and others as appropriate

Review of documented information should take into account the context of the organization, and the size, nature, complexity, risks and opportunities of the auditee’s management system and organization, as well as the objectives and scope

Review of Documented Information: Why
• Documented information covers the scope of work and provides detailed information on how the management system is designed and developed
• It supports the audit objectives
• It can provide an indication of the document control system of the organization or auditee
• It will provide information about the maturity of the management system
• It will indicate the risks associated with product, service and processes during the life cycle of the product and service

Review of Documented Information: What to Consider

• Ensure that the information provided is correct, accurate, and complete.
• Ensure that the information is consistent.
• Ensure that documents are current.

Preparing Audit Plan
Responsibility: Audit Team leader
Purpose:
• It is a mutually agreed document between the audit client, audit team and auditee
• It facilitates efficient scheduling and coordination
While planning the audit, take into consideration:
• Sampling technique
• Composition of the audit team and their cumulative knowledge
• The risks associated with the organization (contamination, accident)

Preparing Audit Plan
Audit plan contents:
• Audit objectives
• Audit scope with clear identification of organizational and functional units and processes
• Audit criteria
• Location, date and time
• Audit methodology/techniques including sampling
• Auditee representative
• Communication arrangements
• Confidentiality
• Roles and responsibilities of the audit team and auditee, including experts, interpreters and guides
• Follow up

It is a good practice to take approval of the audit plan from the program manager as well as the audit client.

Assigning Responsibilities to Audit Team

Responsibility: Audit team jointly decides

Briefing by the team leader prior to the audit

Selecting Audit Team

Team size and competence depend on:

• The audit objectives, criteria and duration
• Competence of the team to meet objectives
• Statutory, regulatory, contractual, accreditation/certification requirements
• Team’s objectivity and impartiality

Audit Team Members’ Roles

• Team leader
• Team members
• Sector Experts
• Observers
• Interpreters

Lead Auditor Responsibilities
• Prepare the audit plan
• Assign team roles
• Brief the team
• Review working documented information to ensure adequacy
• Chair the closing meeting
• Report nonconformities
• Report any major obstacles encountered during the audit
• Make final decisions for all phases of the audit
• Submit the audit report
• Manage risk
• Deal with internal and external issues
• Understand the auditee’s context and business activities

Team Members’ Responsibilities

• Review all relevant information related to their assigned tasks
• Prepare any work documented information (including checklists) necessary to carry out those tasks
• Comply with the audit requirements
• Carry out assigned duties effectively and efficiently
• Report deficiencies and audit findings to the Team Leader
• Cooperate with and support the Team Leader

Preparing Documented Information for Audit
Responsibility: Audit team
Purpose:
• Reference documented information
• Recording evidence
Documented information to be prepared:
• Checklist
• Sampling plan
• CAR form
• Attendance sheet
• Audit report format

Audit Checklist
• A systematic sequential set of audit questions extracted from the documented information review during pre-audit activity.
• Checklist is based on:
    • Processes
    • Relevant Procedures
    • Documented information in use
    • Requirements of ISO 50001

Advantages of Checklist

• Sequence guide for the auditor
• Auditing tool
• An aid to the auditor to control the depth of the audit
• An aid to the auditor to control the pace of the audit
• A means of recording responses by auditees

Limitations of Checklist

• The checklist may hold back initiative and analysis of the process or procedure
• The checklist may prevent the auditor from investigating significant incidents because they were not on the checklist
