Audit Definitions

The ISO 19011:2011 audit guidance standard has revised audit definitions, expanded related notes, and added new definitions. Some examples of these changes are described below.

The definition of audit remains: a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Its revised note clarifies that the purpose of an internal audit may be to confirm the effectiveness of the management system or to obtain information for the improvement of the management system. The note adds that in a small organization, independence can be shown by freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.

The definition of audit findings remains: the results of the evaluation of the collected audit evidence against audit criteria. A note states audit findings indicate conformity or nonconformity. A new note under audit findings clarifies that findings can lead to the identification of opportunities for improvement or recording good practices. Another new note says if the audit criteria are selected from legal or other requirements, the audit finding is termed compliance or non-compliance (instead of conformity or nonconformity).

The definition of audit client remains: the organization or person requesting an audit. Its note states that in the case of an internal audit, the audit client can also be the auditee or the person managing the audit program. The note also says requests for external audit can come from sources such as regulators, contracting parties, or potential clients.

The definition of competence was revised to be: the ability to apply knowledge and skills to achieve intended results. The related note states that ability implies the appropriate application of personal behavior during the audit process.

The new definition for guide is: a person appointed by the auditee to assist the audit team. The new definition for observer is: a person who accompanies the audit team but does not audit. Its notes add that an observer is not a part of the audit team and does not influence or interfere with the conduct of the audit. It says an observer can be from the auditee, a regulator, or other interested party who witnesses the audit.

The new definition for management system is: a system to establish policy and objectives and to achieve those objectives. The related note states a management system of an organization can include different management systems, such as a quality management system, a financial management system, or an environmental management system.