QualityMentors Blog

This blog is a membership based discussion forum on Project Management, Software Quality, CMMI® for development, ISMS and associated subjects. It provides a common platform for our training participants and others to share views and obtain expert opinion on issues related to above subjects. Also, it is used by QualityMentors training participants to upload their personal details in a secured manner in line to the guidelines laid down in ISO/IEC 17024:2003. This blog draws its strength from its members who are welcome to share professional and personal experiences, comments, articles and reference links to make it a preferred knowledge repository for their collective use. It encourages fact based decision making as an success enabler for projects in member organizations.

Risk based auditing


My friend AKM Desai (desaiakm@hotmail.com ) wants me to comment on this topic.

ISO 9000:2005 defines the term risk as ‘effect of uncertainty’, i.e. any potential deviation from expected results which may be positive or negative…

ISO 19011:2011 introduced the concept of risk in auditing. It included  both, the risk of the audit process not achieving its objectives and the risk of the audit to interfere with the auditee’s activities and processes. However, it does not provide specific guidance on the
organization’s risk management process.

Specific requirements for managing an effective risk management is provided  in Annex SL standards like  ISO 9001:2015 (QMS Requirements), ISO 27001:2013 (ISMS Requirements) and ISO 27002:2013 (Implementation guidance to ISMS) etc. Internal and external audits  conforming to  ISO 19001:2011 guidelines and clause 9.2 of requirements standards like ISO 9001:2015 and ISO 27001:2013 can be defined  as ‘Risk based auditing’. Such internal and external audits  should be conducted in a seemliness  manner to achieve stated audit objectives, without interfering with organisational operations to the extent possible  and with full conformance to the requirements in clause 4, 6 and 8  of above requirements standards.

 

Advertisements

2 responses to “Risk based auditing

  1. akmdesai January 8, 2017 at 2:03 AM

    Thank you so much Ribhu Sir for the clarification about Risk bases Internal Audit.

  2. Ribhu Lavania January 8, 2017 at 8:31 AM

    You are welcome!
    Ribhu

%d bloggers like this: