ISO 19011:2018 - Guidelines for auditing management systems

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at https://www.iso.org/obp
- IEC Electropedia: available at http://www.electropedia.org/

3.1 audit
systematic, independent and documented process for obtaining objective evidence (3.8) and evaluating it objectively to determine the extent to which the audit criteria (3.7) are fulfilled
Note 1 to entry: Internal audits, sometimes called first party audits, are conducted by, or on behalf of, the organization itself.
Note 2 to entry: External audits include those generally called second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customers, or by other individuals on their behalf. Third party audits are conducted by independent auditing organizations, such as those providing certification/registration of conformity or governmental agencies.
[SOURCE: ISO 9000:2015, 3.13.1, modified — Notes to entry have been modified]

3.2 combined audit
audit (3.1) carried out together at a single auditee (3.13) on two or more management systems (3.18)
Note 1 to entry: When two or more discipline-specific management systems are integrated into a single management system this is known as an integrated management system.
[SOURCE: ISO 9000:2015, 3.13.2, modified]

3.3 joint audit
audit (3.1) carried out at a single auditee (3.13) by two or more auditing organizations
[SOURCE: ISO 9000:2015, 3.13.3]

3.4 audit programme
arrangements for a set of one or more audits (3.1) planned for a specific time frame and directed towards a specific purpose
[SOURCE: ISO 9000:2015, 3.13.4, modified — wording has been added to the definition]

3.5 audit scope
extent and boundaries of an audit (3.1)
Note 1 to entry: The audit scope generally includes a description of the physical and virtual locations, functions, organizational units, activities and processes, as well as the time period covered.
Note 2 to entry: A virtual location is where an organization performs work or provides a service using an on-line environment allowing individuals irrespective of physical locations to execute processes.
[SOURCE: ISO 9000:2015, 3.13.5, modified — Note 1 to entry has been modified, Note 2 to entry has been added]

3.6 audit plan
description of the activities and arrangements for an audit (3.1)
[SOURCE: ISO 9000:2015, 3.13.6]

3.7 audit criteria
set of requirements (3.23) used as a reference against which objective evidence (3.8) is compared
Note 1 to entry: If the audit criteria are legal (including statutory or regulatory) requirements, the words “compliance” or “non-compliance” are often used in an audit finding (3.10).
Note 2 to entry: Requirements may include policies, procedures, work instructions, legal requirements, contractual obligations, etc.
[SOURCE: ISO 9000:2015, 3.13.7, modified — the definition has been changed and Notes to entry 1 and 2 have been added]

3.8 objective evidence
data supporting the existence or verity of something
Note 1 to entry: Objective evidence can be obtained through observation, measurement, test or by other means.
Note 2 to entry: Objective evidence for the purpose of the audit (3.1) generally consists of records, statements of fact, or other information which are relevant to the audit criteria (3.7) and verifiable.
[SOURCE: ISO 9000:2015, 3.8.3]

3.9 audit evidence
records, statements of fact or other information, which are relevant to the audit criteria (3.7) and verifiable
[SOURCE: ISO 9000:2015, 3.13.8]

3.10 audit findings
results of the evaluation of the collected audit evidence (3.9) against audit criteria (3.7)
Note 1 to entry: Audit findings indicate conformity (3.20) or nonconformity (3.21).
Note 2 to entry: Audit findings can lead to the identification of risks, opportunities for improvement or recording good practices.
Note 3 to entry: In English if the audit criteria are selected from statutory requirements or regulatory requirements, the audit finding is termed compliance or non-compliance.
[SOURCE: ISO 9000:2015, 3.13.9, modified — Notes to entry 2 and 3 have been modified]

3.11 audit conclusion
outcome of an audit (3.1), after consideration of the audit objectives and all audit findings (3.10)
[SOURCE: ISO 9000:2015, 3.13.10]

3.12 audit client
organization or person requesting an audit (3.1)
Note 1 to entry: In the case of internal audit, the audit client can also be the auditee (3.13) or the individual(s) managing the audit programme. Requests for external audit can come from sources such as regulators, contracting parties or potential or existing clients.
[SOURCE: ISO 9000:2015, 3.13.11, modified — Note 1 to entry has been added]

3.13 auditee
organization as a whole or parts thereof being audited
[SOURCE: ISO 9000:2015, 3.13.12, modified]

3.14 audit team
one or more persons conducting an audit (3.1), supported if needed by technical experts (3.16)
Note 1 to entry: One auditor (3.15) of the audit team (3.14) is appointed as the audit team leader.
Note 2 to entry: The audit team can include auditors-in-training.
[SOURCE: ISO 9000:2015, 3.13.14]

3.15 auditor
person who conducts an audit (3.1)
[SOURCE: ISO 9000:2015, 3.13.15]

3.16 technical expert
Note 1 to entry: Specific knowledge or expertise relates to the organization, the activity, process, product, service, discipline to be audited, or language or culture.
Note 2 to entry: A technical expert to the audit team (3.14) does not act as an auditor (3.15).
[SOURCE: ISO 9000:2015, 3.13.16, modified — Notes to entry 1 and 2 have been modified]

3.17 observer
individual who accompanies the audit team (3.14) but does not act as an auditor (3.15)
[SOURCE: ISO 9000:2015, 3.13.17, modified]

3.18 management system
set of interrelated or interacting elements of an organization to establish policies and objectives, and processes (3.24) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines, e.g. quality management, financial management or environmental management.
Note 2 to entry: The management system elements establish the organization’s structure, roles and responsibilities, planning, operation, policies, practices, rules, beliefs, objectives and processes to achieve those objectives.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
[SOURCE: ISO 9000:2015, 3.5.3, modified — Note 4 to entry has been deleted]

3.19 risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected – positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence and likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events (as defined in ISO Guide 73:2009, 3.5.1.3) and consequences (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
[SOURCE: ISO 9000:2015, 3.7.9, modified — Notes to entry 5 and 6 have been deleted]

3.20 conformity
fulfilment of a requirement (3.23)
[SOURCE: ISO 9000:2015, 3.6.11, modified — Note 1 to entry has been deleted]

3.21 nonconformity
non-fulfilment of a requirement (3.23)
[SOURCE: ISO 9000:2015, 3.6.9, modified — Note 1 to entry has been deleted]

3.22 competence
ability to apply knowledge and skills to achieve intended results
[SOURCE: ISO 9000:2015, 3.10.4, modified — Notes to entry have been deleted]

3.23 requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information.
[SOURCE: ISO 9000:2015, 3.6.4, modified — Notes to entry 3, 4, 5 and 6 have been deleted]

3.24 process
set of interrelated or interacting activities that use inputs to deliver an intended result
[SOURCE: ISO 9000:2015, 3.4.1, modified — Notes to entry have been deleted]

3.25 performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.24), products, services, systems or organizations.
[SOURCE: ISO 9000:2015, 3.7.8, modified — Note 3 to entry has been deleted]

3.26 effectiveness
extent to which planned activities are realized and planned results achieved
[SOURCE: ISO 9000:2015, 3.7.11, modified — Note 1 to entry has been deleted]

Copyright © 2021 OSH ISIS