Why Management System Audit Programs Should Utilize ISO 19011

Why Should You Attend:

How often do process owners approach the audit program manager and request an audit? Where do auditors go after being a part of the audit function? How effective and efficient is the audit function? The posed questions require answers by audit program managers in determining whether the audit function is genuinely adding value to the entity, versus just meeting compliance requirements.

If your management system audit programs appear a bit stale, perhaps the reason is that objectives reflect conducting audits under external standards (e.g., ISO 19001, 45001, 14001, 20000). This approach hardly ensures the perception that audits are adding value instead of using up resources that are deployable elsewhere. While meeting the requirements of the audit clause of the standard is necessary, this should not be considered as sufficient if the audit program needs to add significant value to the organization.

The ISO 19011: 2018 Guidelines for Auditing Management Systems goes far beyond how to plan, conduct, and report audits. Unfortunately, most training for auditors only covers these topics, rather than also how to manage and audit program. Audit program managers should consider studying the 19011 guidelines and adopt some of the advice. This webinar will describe many of the reasons and related content for enhancing entity value.

Individual audit objectives and practices vary considerably from entity to entity. There are many kinds of practitioners in audit-related activities, such as external auditors, internal auditors, self-assessment evaluators, quality reviewers, and security assessors. For this reason, the audit system must be adaptive in use and high-level in structure. This webinar facilitates a managerial-level understanding of the ISO auditing standards associated with performing management system assurance services.

Management systems are critical entity-components since they enable efficient organizational planning, organizing, orchestrating, directing, and controlling. Ideally, deployable audit plans for management systems address sustaining entity operations that meet control objectives. Thus, management system audit plans should include (among other things) business, technological, human, and regulatory aspects.

Areas Covered in the Webinar:

• ISO 19011 structure
• Differences between managing an audit and managing an audit program
• Principles of auditing
• Setting audit objectives
• Audit program manager skills and development
• Managing audit resources
• Monitoring and improving the audit program
• Useful annexes in the 19011 guidelines
• A perspective to help shift audit program management

Who Will Benefit:

• Audit Managers
• Quality Managers
• Safety Managers
• Environmental System Managers
• IT Services Managements
• System Managers
• Compliance Managers
• Risk Managers

Robert E. Davis
Professor, Temple and West Chester University

Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology.

Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information system auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.

Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.

Follow us :