| The latest version of the ISO19011 "Guidelines for | | | | - Environmental |
| Auditing Management Systems" is due to be published | | | | - Information Security |
| next year. Users of this standard will note that the title, | | | | - Resilience, Security, Preparedness and Continuity |
| which was "Guidelines of quality and/or environmental | | | | (RSPC) |
| management systems auditing" now reflects the need | | | | - Transportation Safety |
| to audit ALL management systems, and not just | | | | One revolutionary part deals with distance or remote |
| quality and environmental systems. | | | | auditing by video or telephone link. A marked change |
| Providers of Internal Audit Courses have concentrated | | | | and one recognising the use of technology to reduce |
| predominately on Quality and Environmental | | | | travel times and maximise auditor resource usage. |
| management systems, but it is becoming clear that | | | | Where sampling of systems takes place, e.g where it |
| 18001 (the Health and Safety Standard), ISO27001 (the | | | | is not practical nor cost effective to examine 100% of |
| Information Security Standard), ISO20001 (The IT | | | | the items, a representative sample of the population |
| Service Management Standard) plus the automotive | | | | may be used to provide sufficient evidence that the |
| Standard TS 16949 and the Aerospace Standard | | | | sample is truly representative of the whole population. |
| AS9100 and many others are featuring more and | | | | Annex C provides an informative strategy for auditors. |
| more. These need to be audited on a regular basis. | | | | This section also recognises that the "Auditor's nose" |
| Our own internal auditing course will be updated to | | | | can be used to choose a sample based on size, |
| reflect these changes, once the standard is published. | | | | selection, methodology and previous experience. |
| The new auditing Standard focuses far more on RISK, | | | | Where extensive sampling is required the Standard |
| including the risk of not carrying out audits correctly, | | | | refers the reader to Sampling Plan Standards (e.g. ISO |
| either through inappropriately defined audit objectives, | | | | 2859) |
| insufficient competence of auditors or inadequate risk | | | | And finally there is far more emphasis on the |
| evaluation methods. | | | | evaluation of auditors/team leaders to ensure |
| Competence of auditors in the Standards being | | | | competence, skills, knowledge and personal behaviour. |
| audited features in the new annex A to 19011 and | | | | This update is well overdue as the original standard |
| details the discipline- specific knowledge and skills of | | | | was produced in 2002 and we can look forward to its |
| auditors for: | | | | publication in 2011. |
| - Quality | | | | |