Guidelines for Auditing Management Systems

ISO 19011:2018 - Guidelines for auditing management systems

5 Managing an audit programme

5.5 Implementing audit programme

5.5.5 Assigning responsibility for an individual audit to the audit team leader

The individual(s) managing the audit programme should assign the responsibility for conducting the individual audit to an audit team leader.

The assignment should be made in sufficient time before the scheduled date of the audit, in order to ensure the effective planning of the audit.

To ensure effective conduct of the individual audits, the following information should be provided to the audit team leader:

a) audit objectives;

b) audit criteria and any relevant documented information;

c) audit scope, including identification of the organization and its functions and processes to be audited;

d) audit processes and associated methods;

e) composition of the audit team;

f) contact details of the auditee, the locations, time frame and duration of the audit activities to be conducted;

g) resources necessary to conduct the audit;

h) information needed for evaluating and addressing identified risks and opportunities to the achievement of the audit objectives;

i) information which supports the audit team leader(s) in their interactions with the auditee for the effectiveness of the audit programme.

The assignment information should also cover the following, as appropriate:

- working and reporting language of the audit where this is different from the language of the auditor or the auditee, or both;

- audit reporting output as required and to whom it is to be distributed;

- matters related to confidentiality and information security, as required by the audit programme;

- any health, safety and environmental arrangements for the auditors;

- requirements for travel or access to remote sites;

- any security and authorization requirements;

- any actions to be reviewed, e.g. follow-up actions from a previous audit;

- coordination with other audit activities, e.g. when different teams are auditing similar or related processes at different locations or in the case of a joint audit.

Where a joint audit is conducted, it is important to reach agreement among the organizations conducting the audits, before the audit commences, on the specific responsibilities of each party, particularly with regard to the authority of the team leader appointed for the audit.

During the audit, information relevant to the audit objectives, scope and criteria, including information relating to interfaces between functions, activities and processes should be collected by means of appropriate sampling and should be verified, as far as practicable.