GB/T 19011-2021 English PDFUS$694.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 19011-2021: Guidelines for auditing management systems Status: Valid GB/T 19011: Historical versions
Basic dataStandard ID: GB/T 19011-2021 (GB/T19011-2021)Description (Translated English): Guidelines for auditing management systems Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: A00 Word Count Estimation: 38,349 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 19011-2021: Guidelines for auditing management systems---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.National Standards of People's Republic of China Replace GB/T 19011-2013 Management System Audit Guide State Administration for Market Regulation Released by the National Standardization Administration Committee 1 ScopeThis document provides guidance on management system audits, including audit principles, audit program management and management system audit implementation, and evaluation Guidance on the competencies of those involved in the review process: These activities involve audit program managers, auditors and audit teams: This document is applicable to all organizations that need to plan and implement internal audits, external audits of management systems or that require a management audit programme: This document may also be applied to other types of audits, provided that special consideration is given to the specific competencies required:2 Normative reference documentsThis document has no normative references:3 Terms and definitionsThe following terms and definitions apply to this document:4 Audit PrinciplesThe audit is characterized by its adherence to several principles: These principles help make audits effective and reliable in supporting management policies and controls: tools and provide organizations with information that can improve their performance: Following these principles is a prerequisite for drawing relevant and adequate audit conclusions: It is also a prerequisite for auditors working independently to draw similar conclusions under similar circumstances: The guidance given in Chapters 5 to 7 is based on the following 7 principles: a) Honesty and integrity: the foundation of the profession: Auditors and audit program managers should: ---Carry out their work with honesty and responsible ethics; ---Only undertake audit activities that you are capable of doing; --- Carry out work with an impartial attitude, that is, remain fair and unbiased in all matters; --- During the review, remain alert to any factors that may affect their judgment: b) Fair presentation: the obligation to report truthfully and accurately: Audit findings, audit conclusions and audit reports should truly and accurately reflect the audit activities: Any issues encountered during the audit should be reported Significant obstacles and unresolved differences of opinion between the audit team and the auditee: Communication should be true, accurate, objective, timely, Clear and complete: c) Professionalism: Responsible and judgmental in auditing: Auditors should value the importance of the tasks they perform and the trust placed in them by the audit client and other interested parties: working An important element of working professionally is the ability to exercise sound judgment in all audit situations: d) Confidentiality: Information security: Auditors should carefully use and protect information obtained in the course of performing their duties: Auditors or audit clients should not act for personal gain Use audit information inappropriately or in a manner that is detrimental to the legitimate interests of the auditee: This concept includes the proper handling of sensitive or confidential Information: e) Independence: the basis for the impartiality of the audit and the objectivity of the audit conclusions: Auditors should be independent of the activity being audited (so far as practicable) and should be unbiased and disinterested in all circumstances: conflict: For internal audits, where feasible, the auditor should be independent of the function being audited: The auditor should maintain Objectivity to ensure that audit findings and audit conclusions are based solely on audit evidence: For small organizations, it may not be possible for internal auditors to be completely independent of the activities being audited, but every effort should be made to eliminate bias and Now objective: f) Evidence-based approach: A sound approach to arriving at credible and reproducible audit conclusions during a systematic audit process: Audit evidence should be verifiable: As the review was conducted within a limited time and with limited resources, Audit evidence should be based on a sample of the available information: Sampling should be done appropriately as this is relevant to the certainty of the audit conclusions: Faith is closely related: g) Risk-based approach: An audit approach that considers risks and opportunities: A risk-based approach should have a material impact on the planning, conduct and reporting of audits to ensure that the audit focuses on the audit mandate matters that are important to the parties and important to achieving the objectives of the audit programme:5 Management of audit plan5:1 General An audit program should be established, which may include audits of one or more management system standards or other requirements, performed individually or in combination with actual practices: Implementation audit (multi-system audit): The scope and extent of the audit program should be based on the size and nature of the auditee and the nature, functionality and complexity of the management system to be audited: degree, type of risk and opportunity, and maturity level: When most important functions are outsourced and managed under the leadership of other organizations, the functionality of the management system can be even more complex: Need special Pay no attention to where the most important decisions are made and who makes up the top management of the system: In the case of multiple locations/venues (e:g:, different countries), or where significant functions are outsourced and managed under the leadership of another organization When doing so, special attention should be paid to the design, planning and confirmation of the audit plan: For smaller or less complex organizations, the audit program can be adapted appropriately: In order to understand the auditee's environment, the audit program should consider the auditee's: ---Organizational goals; ---Relevant external and internal factors; ---Needs and expectations of relevant interested parties; ---Information security and confidentiality requirements: The planning of an internal audit program, and in some cases a program of audits of external providers, can be used to support other organizational objectives: Make a contribution: Audit program managers should ensure that the integrity of the audit is maintained and that the audit is not unduly influenced: Audits should prioritize the allocation of resources and methods to matters in the management system that have higher inherent risks and lower levels of performance: Competent personnel should be assigned to manage the audit program: The audit program should include the following information and identify resources to enable the audit to be conducted effectively and efficiently within the specified timeframe: a) the objectives of the audit programme; b) risks and opportunities related to the audit program (see 5:3) and countermeasures; c) The scope of each audit in the audit plan (level of detail, boundary, location); d) Audit schedule (number/duration/frequency); e) Type of audit, such as internal or external; f) Audit criteria; g) The audit method to be adopted; h) Criteria for selecting members of the audit team; i) Relevant documented information: Some of the above information may not be available until more detailed audit planning is completed: The performance of the audit program (see 5:6) should be continuously monitored and measured to ensure that its objectives are achieved: The audit program should be reviewed to identify changes needs and possible improvement opportunities (see 5:7): Figure 1 shows the management process of the audit plan: 5:2 Establish the objectives of the audit program The audit client should ensure that the objectives of the audit plan are established to guide the planning and implementation of the audit, and ensure that the audit plan is effectively implemented: The objectives of the audit program should be consistent with the strategic direction of the audit client and support the policies and objectives of the management system: These goals can be based on considerations such as: a) The needs and expectations of relevant parties, including external and internal; b) the characteristics and requirements of processes, products, services and projects, and any changes to them; c) Management system requirements; d) the need for evaluation of external providers; e) The maturity level and performance level of the auditee’s management system are reflected in relevant performance indicators (such as KPIs), non-conformities or incidents occurrence or complaints from relevant parties; f) identified risks and opportunities for the auditee; g) Results of previous audits: Examples of audit program objectives may include: ---Identify opportunities to improve the management system and its performance; ---Evaluate the auditee's ability to determine its environment; ---Evaluate the auditee's ability to identify risks and opportunities and identify and implement effective measures to address these risks and opportunities; ---Comply with all relevant requirements, such as legal and regulatory requirements, compliance commitments, and certification requirements for management system standards; ---Acquire and maintain trust in the capabilities of external providers; --- Determine the ongoing suitability, adequacy and effectiveness of the auditee's management system; ---Evaluate the compatibility and consistency of the management system objectives with the strategic direction of the organization: Note 1: This figure represents the application of the PDCA cycle in this document: Note 2: The clause numbers in the figure indicate relevant clauses of this document: Figure 1 Management process of audit plan 5:3 Identify and evaluate audit program risks and opportunities Certain risks and opportunities related to the auditee's environment may be associated with the audit program and may affect the audit program objectives realization: When determining the audit program and resource requirements, the audit program manager should identify and present to the audit client the risks considered and opportunities to be able to respond appropriately: There may be risks related to: a) Planning, for example, failure to establish relevant audit objectives, and failure to determine the scope and detail, quantity, duration, and location of the audit: points and schedule; b) resources, such as developing an audit program or conducting an audit where time, equipment and/or training are insufficient; c) Selection of the audit team, e:g: insufficient overall ability to conduct the audit effectively; d) Communication, such as ineffective external/internal communication processes/channels; e) Implementation, for example poor coordination of audit work within the audit programme, or failure to consider information security and confidentiality; f) Control of documented information, for example: failure to effectively identify necessary documented information required by auditors and relevant interested parties; failure to adequately Protect audit records to demonstrate the effectiveness of the audit program; g) Monitor, review and improve the audit program, such as monitoring the results of the audit program if it is ineffective; h) Assistance and cooperation of the auditee and availability of evidence for sampling: Opportunities to improve the audit program may include: ---Allow multiple audits in one visit; ---Minimize the time and distance to reach the location; ---Match the audit team's competency level with that required to achieve the audit objectives; ---Coordinate audit dates with the schedule of key personnel of the auditee: 5:4 Establish an audit plan 5:4:1 Role and responsibilities of audit program managers Audit program managers should: a) establish the scope and level of detail of the audit program based on relevant objectives (see 5:2) and any known constraints; b) identify external and internal factors, risks and opportunities that may affect the audit programme, and implement measures to address these factors, as appropriate When incorporating these measures into all relevant audit activities; c) Ensure the selection of the audit team and the overall integrity of the audit activities by assigning roles, responsibilities and authorities, and supporting leadership roles, as appropriate ability; d) Establish all relevant processes, including: ---Coordinate and arrange all audits within the audit program; ---Determine the audit objectives, audit scope and audit criteria, determine the audit methods, and select the audit team; ---Evaluation auditor; ---Establish external and internal communication processes as appropriate; ---Dispute resolution and complaint handling; ---Follow-up activities of the audit, if applicable; ---Report to the audit client and relevant parties when appropriate; e) identify and ensure the provision of all necessary resources; f) ensure that appropriate documented information, including audit program records, is prepared and maintained; g) monitor, review and improve the audit programme; h) Communicate the audit plan with the audit client and relevant parties when appropriate: Audit program managers should seek approval of their program from the audit client: 5:4:2 Competencies of audit program managers Audit program managers should have the necessary skills to effectively and efficiently manage the program and its associated risks and opportunities, as well as external and internal factors Ability, including knowledge of: a) Audit principles (see Chapter 4), methods and processes (see A:1 and A:2); b) Management system standards, other relevant standards and reference/guidance documents; c) Information about the auditee and its environment (e:g: external/internal factors of the auditee, relevant interested parties and their needs and expectations, business activities, products, services and processes); d) Legal, regulatory and other requirements applicable to the auditee’s business activities: Where appropriate, knowledge of risk management, project and process management and information and communications technology (ICT) may be considered: Audit program managers should participate in appropriate continuous improvement activities to maintain the necessary capabilities to manage the audit program: 5:4:3 Establish the scope and level of detail of the audit program The audit program manager should determine the scope and level of detail of the audit program, based on the information provided by the auditee about its environment: information (see 5:3): Note: In some cases, depending on the structure or activities of the auditee, the audit program may include only one audit (e:g: a small project and organization): Other factors that influence the scope and level of detail of the audit program may include: a) The objectives, scope, duration of each audit, as well as the number of audits and reporting methods, including audit follow-up activities when applicable; b) Management system standards or other applicable guidelines; c) the number, importance, complexity, similarity and location of the activities audited; d) Factors affecting the effectiveness of the management system; e) Applicable audit criteria, such as planned arrangements for management system standards, legal and regulatory requirements and other organizational commitments Require; f) Results of previous internal or external audits and management reviews, if applicable; g) Review results of previous audit programs; h) Linguistic, cultural and social factors; i) Concerns of relevant parties, such as customer complaints, non-compliance with legal and regulatory requirements and other requirements of organizational commitments, or supply chain factors; j) Significant changes in the auditee’s environment or its operations and related risks and opportunities; k) the availability of information and communications technology to support audit activities, especially where remote audit methods are used (see A:16); l) The occurrence of internal and external events, such as substandard products or services, information security leaks, health and safety incidents, crimes for or environmental events; m) Business risks and opportunities, including measures to address them: ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 19011-2021_English be delivered?Answer: Upon your order, we will start to translate GB/T 19011-2021_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 19011-2021_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 19011-2021_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 19011-2021?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 19011-2021 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
