What exactly is an “audit“?
The International Organization for Standardization defines it as:
“[the] systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” – ISO, from ISO 19011:2018 – Guidelines for Auditing Management Systems
That’s another way of saying someone takes a look at what you’re doing, gathers some evidence, and compares that evidence to what you’re supposed to be doing (in other words, a set of clearly documented requirements).
In the case of ISO, these requirements are known as standards. ISO 9001 is a standard. ISO 14001 is a standard.
Importantly, this understanding of audit implies that there are a few main things being considered by the auditor:
- What’s documented by the company (e.g. internal processes, policies, and SOPs)
- Evidence gathered to support how these policies, procedures, and SOPs are implemented in practice
- The requirements defined by the ISO standard being audited against (e.g. ISO 9001)
Audits performed by companies to assess and analyze their own management systems are known as internal audits. Many resources for guiding companies on how to perform internal audits exist, and foremost of these is the ISO 19011 standard.
For most management system standards, internal audits are an important requirement. Even guideline standards like ISO 26000 for social responsibility depend on reports to evidence the success of their implementations.
As such, ISO 19011 defines a set of guidelines; a framework for companies to plan, implement, and improve upon their audit programs, for auditing the implementation of management systems.
Since the first edition of ISO 19011 was published in 2002, many new management system standards have been published.
These standards often share a common structure, including certain requirements, terms, and definitions being used. That means ISO 19011 can be used to devise highly economic audit programs, wherein knowledge and processes can be shared and applied across various management systems.
By considering how they might take a broader approach to management system auditing and integration, companies implementing ISO management systems stand to save time, money, and confusion when preparing for and implementing internal audits.
The goal of this post is to provide a spring-board for understanding ISO 19011, and how to get started with internal ISO auditing. In this post, I’ll cover:
- What is ISO 19011
- 7 principles of ISO auditing
- Different types of ISO audit
- Key elements of an ISO audit
- 8 free ISO audit templates
If you just want the free ISO audit templates, then here they are: