Organisations implement management systems for many reasons – to improve business practices, achieve their objectives, better their bottom line and/or develop an edge over competitors. But how do they determine whether they are meeting the objectives and lofty goals they set out to achieve by implementing them in the first place? How do they measure the ongoing success of their system, or systems plural? Find out more below.
There are many different management systems standards. At PwC’s Auditor Training, we cover the three popular systems – Quality, Occupational Health & Safety (OH&S), and Environment, and we also have workshops on the increasingly popular standards – Information Security and Food Safety. However there are a broad range standards covering everything from medical equipment to energy management, spanning both systems and products.
Management system audits (both internal and external) are regularly used to verify that the system is working and meeting the requirements either of a companies own specifications, or an external standard.
But what happens when an organisation uses multiple management systems concurrently?
ISO 19011, Guidelines for auditing management systems, is an international standard that sets the guidelines for auditing management systems. As organisations implement more management systems standards, ISO 19011 offers a singular approach that allows efficient auditing across multiple systems.
Last revised in 2011, ISO 19011 has recently been updated to ensure it continues to provide guidance to address changes in the market and evolving technology across the globe. Its update also reflects the new management system standards that have either been revised or newly published. Specifically, the use of the High Level Structure used in all new management systems requires a risk-based approach to planning for risks and opportunities from an organisational level, considering it’s internal and external issues.
As a result of the broader approach to organisational risks and opportunities, ISO 19011:2018 introduces a new auditing principle:
“Risk-based approach: an audit approach that considers risks and opportunities. The risk-based approach should substantively influence the planning, conducting, and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit program objectives.”
Additional guidance on the Lifecycle, methods of auditing, performance outcomes and professional judgement are also included in the new standard.
According to Denise Robitaille, Chair of the ISO committee that revised ISO 19011, “Other key changes include the addition of a risk-based approach to the principles of auditing to reflect the enhanced focus on risk in both management standards and in the marketplace.”
“There are tips on auditing risks and opportunities as well as information on applying risk-based thinking to the audit process.”
“In addition, guidance has been expanded in a number of areas such as managing an audit programme and conducting an audit.”
Any new Lead Auditor courses here at PwC incorporate ISO 19011 into the workshop, ensuring you’ve got the most up to date, and practical knowledge to audit management systems.. For more information please call us on 1300 95 96 92.