ISO 19011:2018 - Guidelines for auditing management systems

Annex A

(informative)

Additional guidance for auditors planning and conducting audits

A.1 Applying audit methods

An audit can be performed using a range of audit methods. An explanation of commonly used audit methods can be found in this annex. The audit methods chosen for an audit depend on the defined audit objectives, scope and criteria, as well as duration and location. Available auditor competence and any uncertainty arising from the application of audit methods should also be considered. Applying a variety and combination of different audit methods can optimize the efficiency and effectiveness of the audit process and its outcome.

Performance of an audit involves an interaction among individuals within the management system being audited and the technology used to conduct the audit. Table A.1 provides examples of audit methods that can be used, singly or in combination, in order to achieve the audit objectives. If an audit involves the use of an audit team with multiple members, both on-site and remote methods may be used simultaneously.

NOTE Additional information on visiting physical locations is given in A.15.

The responsibility of the effective application of audit methods for any given audit in the planning stage remains with either the individual(s) managing the audit programme or the audit team leader. The audit team leader has this responsibility for conducting the audit activities.

The feasibility of remote audit activities can depend on several factors (e.g. the level of risk to achieving the audit objectives, the level of confidence between auditor and auditee’s personnel and regulatory requirements).

At the level of the audit programme, it should be ensured that the use of remote and on-site application of audit methods is suitable and balanced, in order to ensure satisfactory achievement of audit programme objectives.