The new International norm ISO 19011:2018 for the auditing of management systems has been published. ISO 19011:2018 describes the principles of auditing, the management of an audit program and the execution of management system audits.

Based on the High Level Structure, the new generation ISO management system standards is focussing on the content of the organisation and her intern and extern processes, the integration of management systems, the importance of risk management ,the involvement of top management and the overall effectivity of several management systems.

In ISO 19011:2018 the approach is less prescriptive, the demanded generic competences for auditors are extended and the guidelines regarding the management of the audit programs are enlarged.
The most important addition to the ISO 19011:2018 is the risk based approach. The high level structure expects that the audit planning is made, based on the risks and the opportunities any organisation experiences. The final aim of the audit process regarding management systems is to add value for the concerning organisation.

What are the exact changes in comparison to the earlier version?

  • The risk based approach for managing and the execution of audits, where the focus lies on the risks and opportunities. This applies to both the market for management system norms as well as the market in which the organisations are active.
  • Guidelines for the management of audit programs are enlarged, especially for the checks regarding the program risks.
  • Audit prove will now be seen as objective proof. It becomes information that can be verified to a minimum extent, in stead of information that can be verified.
  • Guidelines regarding the lifecycle, methods of auditing, virtual audits, professional judgements and performance results.
  • A less prescriptive approach, mostly in regards of documented prove of the audit process.
  • The informative appendix (A) has been removed. Appendix (B) has been extended to give detailed guidelines for audit concepts, such as: leadership & involvement, risk management, compliance management and supply chain management.

Would you like to receive more information regarding the ISO 19011:2018 and/or the application of this norm within the process of certification, than you can contact us during office hours via tel. (+31)723030310 or send an e-mail to