ISO 19011:2018 Released July 2018

Sidney Vianna

Post Responsibly
Leader
Admin

xfngrs

Quite Involved in Discussions
Denise Robitaille also has a webinar on Omnex's main webpage. You can create an ID and password and listen to it.
 

Sidney Vianna

Post Responsibly
Leader
Admin
From the press release: “...Other key changes in the 2018 version include the addition of a risk-based approach to the principles of auditing to reflect the enhanced focus on risk in both management standards and in the marketplace,” she said.

“There are tips on auditing risks and opportunities as well as information on applying risk-based thinking to the audit process...."

I know of, at least, one global CB which released a RISK BASED CERTIFICATION protocol, back in 2004.;)

But, at the end of the day, for many people, a certificate is a certificate is a certificate...
 

Sidney Vianna

Post Responsibly
Leader
Admin
The risk-based approach principle in 19011:2018 states:

The risk-based approach should substantially influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the audit client and for achieving the audit programme objectives

In the 3rd party auditing certification scenario, most registrants are interested in the certificate (to satisfy customer/contractual requirements). Since, in that scenario, the audit client is also the registrant, there is an OBVIOUS conflict, as the organization does not want to disclose to the CB auditors the QMS "skeletons in the closet" and expose the biggest challenges in terms of product conformity and customer satisfaction.

I wish the people involved with the revision of ISO 19011 would explain why they did not follow the "expanded scope" of the ISO HLS and made the risk-based approach to include other interested parties. Something such as

The risk-based approach should substantially influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the audit client and other interested parties as well as for achieving the audit programme objectives
 
Last edited:

AndyN

Moved On
The risk-based approach principle in 19011:2018 states:



In the 3[sup]rd[/sup] party auditing certification scenario, most registrants are interested in the certificate (to satisfy customer/contractual requirements). Since, in that scenario, the audit client is also the registrant, there is an OBVIOUS conflict, as the organization does not want to disclose to the CB auditors the QMS "skeletons in the closet" and expose the biggest challenges in terms of product conformity and customer satisfaction.

Added to which, the qualification (Lead Auditor) of a CB auditor isn't going to be on the radar screen of any C suite professional - which will disbar all but the best auditors from talking "risk"...
 
Last edited:

xfngrs

Quite Involved in Discussions
This may be off topic but it is about 19011:2018. I am a little confused by the Virtual Audit information. Originally our certification company told us Virtual or Remote audits would no longer be allowed at all for the new IATF. I haven't actually seen that anywhere. Now 19011 comes out referencing them and how to handle them. Are they talking about auditing Virtual organizations? Or are they talking about the ability to remote audit some parts of an audit...i.e. the documents for the process. And is this just for ISO 9001 or does it apply to IATF and other specialized industries as well?
 

Sidney Vianna

Post Responsibly
Leader
Admin
It would be extremely unlikely that the IATF would approve anything outside the traditional audit protocol of on site, face to face audits.

Remember, the IATF process for CB approval is outside the traditional IAF, ISO 17021 based accreditation mechanism.
 

AndyN

Moved On
This may be off topic but it is about 19011:2018. I am a little confused by the Virtual Audit information. Originally our certification company told us Virtual or Remote audits would no longer be allowed at all for the new IATF. I haven't actually seen that anywhere. Now 19011 comes out referencing them and how to handle them. Are they talking about auditing Virtual organizations? Or are they talking about the ability to remote audit some parts of an audit...i.e. the documents for the process. And is this just for ISO 9001 or does it apply to IATF and other specialized industries as well?

In a technical sense, ISO 19011 doesn't apply to CBs (any longer). They have the ISO/IEC 17021 series which guides their audits etc.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Indeed, the 2018 Edition of ISO 19011 even states the following:
This document concentrates on internal audits (first party) and audits conducted by organizations on their external providers and other external interested parties (second party)

In other words, as Andy mentioned, ISO 19011:2018 is no longer intended to address the needs of 3rd party auditors.
 
Top Bottom