ISO 19011: 2018 (3rd Edition): Guidelines for Auditing Management Systems

Management works in the system; Leadership works on the system” ― Stephen Covey


Knowingly or unknowingly, we have a habit of checking what is happening right or wrong. It can be at home, office, metro, railway station, airport or maybe how other people are driving their vehicles. Sometimes we become too critical and start criticising the wrong things happening around us (unsafe environment, dirty floors, zigzag traffic, foul language). But we do not realise that unless we do something systematically about it, nothing will change and it will only discharge my energy.

Read More:

Content: ISO 19011: 2018

  1. What is ISO 19011?
  2. What is the purpose of ISO 19011?
  3. What are the different clauses of ISO 19011 for auditing management systems?
  4. Conclusion


ISO 19011: 2018 standard guides the management of an audit programme, on the planning and conducting of management system audits, as well as on the competence and evaluation of an auditor and an audit team.

Once you read this blog, you will understand, what is ISO 19011: 2018, what is its purpose and how organizations can effectively understand and implement its intent effectively.  

Read More:


ISO 19011: 2018/ISO 9000: 2015

Audit (Cl 3.1): systematic, independent and documented process for obtaining objective evidence (3.8) and evaluating it objectively to determine the extent to which the audit criteria (3.7) are fulfilled

Audit Programme (Cl 3.4): arrangements for a set of one or more audits (3.1) planned for a specific time frame and directed towards a specific purpose

Audit Scope (Cl 3.5): extent and boundaries of an audit (3.1)

Audit Plan (Cl 3.6): description of the activities and arrangements for an audit (3.1)

Audit Criteria (Cl 3.7): a set of requirements (3.23) used as a reference against which objective evidence (3.8) is compared

Audit Findings (Cl 3.10): results of the evaluation of the collected audit evidence (3.9) against audit criteria (3.7)

Competence (Cl 3.22): ability to apply knowledge and skills to achieve intended results.

Read More:

Detailed Information

In the ISO 19011 series, the latest version is 2018. The details of the 3 versions are as follows.

  • ISO 19011: 2002: 1st Edition
  • ISO 19011: 2011: 2nd Edition
  • ISO 19011: 2018: 3rd Edition

The Standard was revised in 2018 as there was a need to consider a broader approach to management system auditing, as well as providing more generic guidance. Audit results can provide input to the analysis aspect of business planning and can contribute to the identification of improvement needs and activities.

Read More:

What is ISO 19011: 2018 (As per

This document provides guidance on auditing management systems, including.

  • the principles of auditing,
  • managing an audit programme,
  • conducting management system audits, as well as
  • guidance on the evaluation of competence of individuals involved in the audit process.

These activities include the individual(s) managing the audit programme, auditors and audit teams.

It applies to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.

The application of this document to other types of audits is possible, provided that special consideration is given to the specific competence needed.

Read More:

Types of Audit:

  1. 1st Party Audit: Internal by the organization
  2. 2nd Party audit: Customer, Supplier
  3. 3rd Party audit: Certification/Accreditation body, Legal Body

Structure of ISO 19011: 2018

  • Clause 4: Principles of Auditing
  • Clause 5: Managing an Audit Programme
  • Clause 6: Conducting an Audit
  • Clause 7: Competence and Evaluation of Auditors

Structure of ISO 19011: 2018 Standard

Clause No. ISO 19011: 2018

Principles of Auditing

To make audit an effective and reliable tool in support of management policies and controls and to provide information on which an organization can act to improve its performance, there are seven principles related to auditing. They are.

1.        Integrity: the foundation of professionalism

2.       Fair presentation: the obligation to report truthfully and accurately.

3.       Due professional care: the application of diligence and judgment in auditing

4.       Confidentiality: security of information

5.       Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions

6.       Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process.

7.       Risk-based approach: an audit approach that considers risks and opportunities


Managing an Audit Programme

5.1: General

5.2: Establishing audit programme objectives (Plan)

5.3: Determining and evaluating audit programme risks and opportunities

5.4: Establishing the audit programme

              5.4.1: Roles and responsibilities of the individual(s) managing the

               audit programme.

              5.4.2: Competence of individual(s) managing audit programme.

              5.4.3: Establishing the extent of the audit programme.

              5.4.4: Determining audit programme resources.

5.5: Implementing audit programme (Do)

              5.5.1: General

              5.5.2: Defining the objectives, scope and criteria for an individual


              5.5.3: Selecting and determining audit methods.

              5.5.4: Selecting audit team members.

              5.5.5: Assigning responsibility for an individual audit to the audit

               team leader.

              5.5.6: Managing audit programme results.

              5.5.7: Managing and maintaining audit programme records.

5.6: Monitoring audit programme (Check)

5.7: Reviewing and improving audit programme (Action)


Conducting an Audit

6.1: General

6.2: Initiating Audit (Plan)

              6.2.1: General

              6.2.2: Establishing Contact with Auditee

              6.3.3: Determining Feasibility of Audit.

6.3: Preparing Audit Activities

              6.3.1: Performing review of documented information.

              6.3.2: Audit planning: Risk-based approach to planning, Audit   

                planning details

              6.3.3: Assigning work to the audit team.

              6.3.4: Preparing documented information for audit.

6.4: Conducting Audit Activities (Do)

              6.4.1: General

              6.4.2: Assigning roles and responsibilities of guides and


              6.4.3: Conducting opening meeting.

              6.4.4: Communicating during audit.

              6.4.5: Audit information availability and access.

              6.4.6: Review documented information while conducting the audit.

              6.4.7: Collecting and verifying information.

              6.4.8: Generating audit findings.

6.4.9: Determining audit conclusions: Preparation for closing meeting, Content of audit conclusions.

              6.4.10: Conducting closing meeting.

6.5: Preparing and distributing audit report

              6.5.1: Preparing audit report.

              6.5.2: Distributing audit report.

6.6: Completing audit (Check)

6.7: Conducting audit follow-up (Action)


Competence and Evaluation of Auditors

7.1: General

7.2: Determining Auditor Competence (Plan)

              7.2.1: General

              7.2.2: Personal behaviour

              7.2.3: Knowledge and skills: Generic knowledge and skills of

               management system auditors, Discipline and sector-specific  

               competence of auditors, Generic competence of audit team leader,

               Knowledge and skills for auditing multiple disciplines.

              7.2.4: Achieving auditor competence.

              7.2.5: Achieving audit team leader competence.

7.3: Establishing auditor evaluation criteria

7.4: Selecting the appropriate auditor evaluation method

7.5: Conducting auditor evaluation (Do)

7.6: Maintaining and improving auditor competence (Check and Action)

Read More:


ISO 19011 offers guidance on every step of auditing a management system or audit program, including.

  • Defining program objectives
  • Completing the audits needed
  • Reviewing the results and process

Read More:


ISO 19011: 2018

ISO 9001: 2015

ISO 9000:2015

ISO/TS 9002: 2016

ISO 9004: 2018

IATF 16949: 2016

Industry Experts

This is the 195th article of this Quality Management series. Every weekend, you will find useful information that will make your Management System journey Productive. Please share it with your colleagues too.

In the words of Albert Einstein, “The important thing is never to stop questioning.” I invite you to ask anything about the above subject. Questions and answers are the lifeblood of learning, and we are all learning. I will answer all questions to the best of my ability and promise to keep personal information confidential.

Your genuine feedback and response are extremely valuable. Please suggest topics for the coming weeks.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments