Why Management System Audit Programs Should Utilize ISO 19011

How often do process owners approach the audit program manager and request an audit? Where do auditors go after they’ve been a part of the audit program? How effective and efficient is the audit program? These are some of the questions than can help audit program managers know whether or not the program is truly adding value for the organization, versus just meeting compliance requirements.

An audit program should be thought of and managed as if it were an independent business, including stakeholder analysis and feedback, setting objectives, developing necessary processes for managing resources and risks, measuring and improving performance, and even marketing the organization to potential customers and other stakeholders.

This webinar will cover these topics as well as others more specifically related to the audit process, such as how professional judgement & intent need to be considered, auditing risks & opportunities, and how life-cycle considerations can impact the focus of audits.

• ISO 19001 structure 
• Differences between managing an audit and managing an audit program 
• Principles of auditing 
• Setting audit objectives 
• Audit program manager skills and development 
• Managing audit resources 
• Monitoring and improving the audit program 
• Useful annexes in the 19001 guidelines 
• What’s missing 
• A perspective to help shift audit program management

If it seems like your quality/safety/environmental/IT services, + management system audit program is getting a bit stale, perhaps it’s because the objective has simply been to conduct audits in accordance with the requirements of the external standards (e.g., ISO 19011, 45001, 14001, 20000, +). This will hardly ensure that audits are perceived as adding value, as opposed to simply using up resources that could be deployed elsewhere. While meeting the requirements of the audit clause of the standard is necessary, it should not be considered as sufficient if the audit program is to add significant value to the organization.

The ISO 19001:2018 Guidelines for Auditing Management Systems goes far beyond how to plan, conduct and report audits. Unfortunately, most training for auditors only covers these topics, rather than also how to manage and audit program. Audit program managers should consider studying the 19001 guidelines and adopt some of the advice.This webinar will describe many of the reasons and related content

• Audit program manager
• Quality Manager
• Safety Manager
• Environmental System Manager
• IT Services Management
• System Manager
• Audit coordinator

Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.

Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.