I’ve observed that ISO management system audits have remained largely unchanged, even after the advent of ISO 19011:2018, the auditing standard that superseded ISO 19011:2011. Auditors are still using clause-based auditing, despite ISO 19011:2018’s direction to take a risk-based approach.

According to ISO, ISO 19011 “provides guidance on auditing management systems, including the principles of auditing, managing an audit program, and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process.”

 …