In a nutshell, ISO 19011:2002 provides effective guidance on the conduct of internal or external quality and/or environmental management system audits, as well as on the management of audit programs as required by both ISO 9001:2000 and ISO 14001:1996. Intended users of ISO 19011 include auditors, organizations implementing quality and/or environmental management systems and organizations involved in auditor certification or training, certification/registration of management systems, accreditation or standardization in the area of conformity assessment.

The group of experts that created ISO 19011 has worked diligently to ensure that the standard is flexible and can apply to a range of potential users. Its clauses and requirements break down into seven clauses:

• Clauses 1, 2 and 3 deal with scope, normative references and terms and definitions respectively.
• Clause 4 describes the principles of auditing.
• Clause 5 provides guidance on establishing and managing audit programs. Issues such as assigning responsibility for managing audit programs, establishing the objectives, coordinating auditing activities and providing sufficient audit team resources are addressed here.
• Clause 6 contains guidance on conducting quality and/or environmental management system audits, including the selection of audit teams.
• Clause 7 provides guidance on auditor competence. It outlines the knowledge and skills needed to be competent to conduct an audit and provides guidance on the personal attributes needed to be an auditor, such as education, work experience, auditor training and audit experience that are indicators of whether a person has acquired the appropriate knowledge and skills. It also outlines a process for the evaluation of auditors.

Of course, the concept behind ISO 19011 is integrated auditing, which can lead to tremendous benefits for an organization if done properly. This type of auditing can be the most cost-effective way to audit an organization now and in the future. Where quality and environmental management systems are implemented together, ISO 19011 can be used to conduct joint audits with enhanced results. However, it is at the discretion of the user whether audits are conducted separately or together.

ISO 19011 doesn’t have specific guidance for internal audits of ISO 9001:2000 or ISO 14001:1996. It is a generic document that offers guidelines for all types of auditing, including other management system audits such as OHSAS 18001. Its guidance also can be used to monitor conformance to other requirements as well, such as product specifications or laws and regulations.

ISO 19011:2002 content includes generic guidance on the following topics:

• Principles of auditing
• Managing an audit program
• Audit program implementation, monitoring and reviewing
• Initiating the audit
• Appointing the audit team leader and establishing the audit team
• Defining audit objectives, scope and criteria
• Determining the feasibility of the audit
• Establishing initial contact with the auditee
• Conducting document review
• Preparing the audit
• Conducting the opening meeting
• Communication during the audit

• Collecting and verifying information
• Generating audit findings
• Conducting closing meeting
• Preparing, approving and distributing the audit report
• Conducting audit follow-up
• Competence of auditors