Guidelines for Auditing Management Systems

ISO 19011:2018 - Guidelines for auditing management systems

5 Managing an audit programme

5.5 Implementing audit programme

5.5.7 Managing and maintaining audit programme records

The individual(s) managing the audit programme should ensure that audit records are generated, managed and maintained to demonstrate the implementation of the audit programme. Processes should be established to ensure that any information security and confidentiality needs associated with the audit records are addressed.

Records can include the following:

a) Records related to the audit programme, such as:

- schedule of audits;

- audit programme objectives and extent;

- those addressing audit programme risks and opportunities, and relevant external and internal issues;

- reviews of the audit programme effectiveness.

b) Records related to each audit, such as:

- audit plans and audit reports;

- objective audit evidence and findings;

- nonconformity reports;

- corrections and corrective action reports;

- audit follow-up reports.

c) Records related to the audit team covering topics such as:

- competence and performance evaluation of the audit team members;

- criteria for the selection of audit teams and team members and formation of audit teams;

- maintenance and improvement of competence.

-The form and level of detail of the records should demonstrate that the objectives of the audit programme have been achieved.