Guidelines for Auditing Management Systems

ISO 19011:2018 - Guidelines for auditing management systems

5 Managing an audit programme

5.2 Establishing audit programme objectives

The audit client should ensure that the audit programme objectives are established to direct the planning and conducting of audits and should ensure the audit programme is implemented effectively. Audit programme objectives should be consistent with the audit client’s strategic direction and support management system policy and objectives.

These objectives can be based on consideration of the following:

a) needs and expectations of relevant interested parties, both external and internal;

b) characteristics of and requirements for processes, products, services and projects, and any changes to them;

c) management system requirements;

d) need for evaluation of external providers;

e) auditee’s level of performance and level of maturity of the management system(s), as reflected in relevant performance indicators (e.g. KPIs), the occurrence of nonconformities or incidents or complaints from interested parties;

f) identified risks and opportunities to the auditee;

g) results of previous audits.

Examples of audit programme objectives can include the following:

- identify opportunities for the improvement of a management system and its performance;

- evaluate the capability of the auditee to determine its context;

- evaluate the capability of the auditee to determine risks and opportunities and to identify and implement effective actions to address them;

- conform to all relevant requirements, e.g. statutory and regulatory requirements, compliance commitments, requirements for certification to a management system standard;

- obtain and maintain confidence in the capability of an external provider;

- determine the continuing suitability, adequacy and effectiveness of the auditee’s management system;

- evaluate the compatibility and alignment of the management system objectives with the strategic direction of the organization.