Principles of Auditing: ISO 19011: 2018 (3rd Edition)

 

He who merely knows right principles is not equal to him who loves them” ― Confucius.

Introduction

Do you ever feel lost, aimless, or a little confused, like you’re sailing through life without a rudder to guide you? But, when we follow the life principles, there is a high possibility that we will be able to use them as anchors for our lives. The principles do not change irrespective of the time and place. The principle of true North implies that wherever you are, integrity, self-discipline, honesty and patience remain the same.     

Read More: https://bit.ly/ISO9001Series

Content: ISO 19011: 2018: Principles of Auditing (Clause 4.0)

  1. What are the Principles of Auditing as per ISO 19011?
  2. What is the purpose of these Principles?
  3. How to effectively implement these principles in auditing?
  4. Conclusion

Objective

ISO 19011: 2018 standard guides the management of an audit programme, on the planning and conducting of management system audits, as well as on the competence and evaluation of an auditor and an audit team.

Once you read this blog, you will understand, What are Principles of Auditing as per ISO 19011, What is the purpose of these Principles and how to effectively implement these principles in auditing.

Read More: https://bit.ly/ISO9001Series

Definition:

ISO 19011: 2018/ISO 9000: 2015

Audit (Cl 3.1): systematic, independent and documented process for obtaining objective evidence (3.8) and evaluating it objectively to determine the extent to which the audit criteria (3.7) are fulfilled

Audit Programme (Cl 3.4): arrangements for a set of one or more audits (3.1) planned for a specific time frame and directed towards a specific purpose

Audit Scope (Cl 3.5): extent and boundaries of an audit (3.1)

Audit Plan (Cl 3.6): description of the activities and arrangements for an audit (3.1)

Audit Criteria (Cl 3.7): a set of requirements (3.23) used as a reference against which objective evidence (3.8) is compared

Audit Findings (Cl 3.10): results of the evaluation of the collected audit evidence (3.9) against audit criteria (3.7)

Competence (Cl 3.22): ability to apply knowledge and skills to achieve intended results.

Read More: https://bit.ly/ISO9004Standard

Detailed Information

In the ISO 19011 series, the latest version is 2018. The details of the 3 versions are as follows.

  • ISO 19011: 2002: 1st Edition
  • ISO 19011: 2011: 2nd Edition
  • ISO 19011: 2018: 3rd Edition

The Standard was revised in 2018 as there was a need to consider a broader approach to management system auditing, as well as providing more generic guidance. Audit results can provide input to the analysis aspect of business planning and can contribute to the identification of improvement needs and activities.

Read More: https://bit.ly/ISO9000Standard

What is ISO 19011: 2018 (As per www.iso.org)

This document provides guidance on auditing management systems, including.

  • the principles of auditing,
  • managing an audit programme,
  • conducting management system audits, as well as
  • guidance on the evaluation of competence of individuals involved in the audit process.

These activities include the individual(s) managing the audit programme, auditors and audit teams.

It applies to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.

The application of this document to other types of audits is possible, provided that special consideration is given to the specific competence needed.

Read More: https://bit.ly/ISOTS9002

Types of Audit:

  1. 1st Party Audit: Internal by the organization
  2. 2nd Party audit: Customer, Supplier
  3. 3rd Party audit: Certification/Accreditation body, Legal Body

Structure of ISO 19011: 2018

  • Clause 4: Principles of Auditing
  • Clause 5: Managing an Audit Programme
  • Clause 6: Conducting an Audit
  • Clause 7: Competence and Evaluation of Auditors

Principles of Auditing (Clause 4.0)

To make audit an effective and reliable tool in support of management policies and controls and to provide information on which an organization can act to improve its performance, there are seven principles related to auditing. They are.

  • Integrity: The foundation of professionalism
    • Ethical, Honest and Responsible.
    • Impartial: Fair, unbiased.
    • Sensitive to undue pressure.
    • Example: Selection and approval of critical suppliers for defence where a lot of kickbacks are possible.
  • Fair Presentation: The obligation to report truthfully and accurately.
    • Report any significant obstacles and unresolved diverging opinions.
    • Communication: Truthful, Accurate, Objective, Timely, Clear and Complete.
    • Example: How often do we trust any government report for any train/plane accident?
  • Due Professional Care: The application of diligence and judgement in auditing
    • Understand the importance of the task and maintain the confidence of the interested parties.
    • Ability to make reasoned judgements in all audit situations.
    • Example: How often based on the internal and external audit, the customer doesn’t conduct their audit and approve the supplier for new business.
  • Confidentiality: Security of information
    • Protection of information.
    • No personal gain or illegitimate use of the audit information.
    • Careful in handling of sensitive or confidential information.
    • Example: New Product Design, New Technology, Business plan, Merger/Acquisition.
  • Independence: The basis for the impartiality of the audit and objectivity of the audit conclusions
    • Free from bias and conflict of interest.
    • For internal audits, auditors should be independent & objective and ensure that the audit findings and conclusions are based only on the audit evidence.
    • For small organizations, ensure to remove bias and encourage objectivity.
    • Example: Do not audit your own process, do not issue more finding/no finding to one process due to rivalry/friendship. Insider trading!
  • Evidence-based Approach: The rational method for reaching reliable and reproducible audit conclusions in a systematic audit process.
    • Verifiable evidence.
    • Systematic sampling.
    • Invoke confidence in the audit conclusions.
    • Example: Whether training was conducted or only training records were made! Objective evidence should include the name of the person, process, date, file number, revision number, part name/number, and location.
  •  Risk-based Approach: An audit approach that considers risks and opportunities.
    • Focus on the matters of significance.
    • Achieve audit programme objectives.
    • Example: Major customer complaint, product recall from market, business loss, technology gap

Read More: http://bit.ly/VariableAttributeControlChart

Conclusion:

The auditing principles as per ISO 19011 offer the following to the customer, supplier and all relevant interested parties,

  • Confidence
  • Trust
  • Reliability
  • Acceptance

 Read More: https://bit.ly/ISO19011-2018Auditing

References:

ISO 19011: 2018

ISO 9001: 2015

ISO 9000:2015

ISO/TS 9002: 2016

ISO 9004: 2018

IATF 16949: 2016

Industry Experts

This is the 196th article of this Quality Management series. Every weekend, you will find useful information that will make your Management System journey Productive. Please share it with your colleagues too.

In the words of Albert Einstein, “The important thing is never to stop questioning.” I invite you to ask anything about the above subject. Questions and answers are the lifeblood of learning, and we are all learning. I will answer all questions to the best of my ability and promise to keep personal information confidential.

Your genuine feedback and response are extremely valuable. Please suggest topics for the coming weeks.

5 1 vote
Article Rating