Risk-based thinking permeates most management standards and has become a hallmark of  ISO 9001:2015. Consistent with this magnified focus, the developers of the 2018 revision to ISO 19011 infused a similar level of importance for the consideration of risk into “Guidelines for auditing management systems”. They began by introducing a new auditing principle: “Risk-based approach: an audit approach that considers risks and opportunities”. 

The same guidance that is applied to identifying the internal and external factors that affect an organization’s ability to meet its goals is easily transferable to the auditing process. What issues engender risk for the effectiveness of an audit? What risks could cause potential harm either to the auditor or the auditee? Who will be affected by the outcome of an audit? 

In addition to the risks inherent in the process, the standards developers also included an annex that provides guidance on how to audit the management system requirements related to risks and opportunities. 

This session will present information from ISO 19011:2018 relating to:  

• Risk-based approach auditing principle 

• Risks related to: planning, conducting and reporting  
• Methods of auditing an organization’s processes relating to risks and opportunities