Batalas Logo
0

ISO 19011:2018 Risk-Based approach

Depositphotos 130898138 900x600 small filesize
Depositphotos 130898138 900x600 small filesize

ISO 19011:2018 Risk-Based approach

A seventh auditing principle? Surely not! Risk-based approach, hmmm, surely we have been always been doing that in auditing? Well yes, possibly, but to what extent? Try these questions on for size:

1. Does risk influence your overarching audit programme?
2. Does risk influence what your auditors cover in their audits?
3. Do your auditors know how to ask risk-based or hypothetical questions?
4. Do your auditors know how to audit risk management or “risk-based thinking”?
5. Do your auditors have actions in place to assess the risk of audit objectives not being met?

Hence, risk in management systems and risk in management system auditing is quite multi-faceted.  Let us now imagine how your average company might respond to each of the above questions:

1. Does risk influence your overarching audit programme?
“We audit our critical processes more frequently.”

2. Does risk influence what your auditors cover in their audits?
“We instruct our auditors to focus on high risk areas.”

3. Do your auditors know how to ask risk-based or hypothetical questions?
“We encourage our auditors to use ‘what if’ scenarios to test out potential risk.”

4. Do your auditors know how to audit risk management or “risk-based thinking”?
“We tell our auditors to check if area managers are routinely looking at risks & opportunities.”

5. Do your auditors have actions in place to assess the risk of audit objectives not being met?
“We give ample time for our auditors to prepare to increase the effectiveness of our audit programme.”

Auditor competence is coming under more scrutiny and gets higher billing in the latest ISO 19011 standard. If you ask auditors to prove their competence, they might show you a training certificate. But does that demonstrate competence? Probably not if you use the ISO 9000 definition of competence “ability to apply knowledge and skills to achieve intended results”. So how can we ensure that auditors are not only trained but that they demonstrate the learning during the audits. Here are three ways:

1. an experienced auditor observes them once or twice a year and provides feedback.
2. an experienced auditor reviews their audit reports and provides feedback.
3. feedback is obtained from those involved in the audit.

The third method may not be effective as you could get remarks like “he was very friendly” and “she was very interested” which although are positive auditor traits, they don’t demonstrate that a good audit was carried out. You may even get, “it was a great audit, we did not receive any nonconformities” which also tells us nothing. So, a mix of 1 and 2 may be the most reliable and it would be very good practice to draw up a list of competencies for your auditors and then measure them against these when an audit is carried out. Some competencies may be specific to the live audit and some may be specific to the report.

Risk-based approach is subtle, and its benefits are multiple.

Want to improve your Risk-Based Thinking?

Our helpful team of ISO experts can guide you on the right path for your needs.

Get in touch

Related Courses

You may also be interested in

Back to Videos & Blogs

Stay up to date with industry news, courses and offers

By subscribing, you consent to receive marketing emails from Batalas. Your data will not be forwarded to any third parties, and you can unsubscribe anytime.

By clicking ‘Sign up’ you agree to the Terms and Conditions and Privacy Policy.

portrait happy young freelancer using laptop

More Resources to make your studies go further

With over 60 years experience, our expert team have a wealth of knowledge to share. From auditing tips to FAQ’s, we have a range of resources to support you.

All resources

Let’s level up your career together

Are you a new auditor looking for ISO training advice? Or do you want to build on existing auditing skills to boost your career?


Whatever your need, our experienced and knowledgeable Batalas team can guide you on the right training path to help you reach your professional goals.

Get in touch

Batalas Ltd is a limited company registered in England and Wales. Registered number: 3736166. Registered office: Unit C4 Lakesmere Road, Horndean, Waterlooville, PO8 9JU

© 2026 Batalas ltd, All Rights Reserved. 

Return

Training Courses

View all ISO 9001 Courses

ISO 9001:2015 Foundation QMS

CQI | IRCA

An entry-level course which teaches an understanding of ISO 9001 QMS.

ISO 9001:2015 Internal Auditor QMS

CQI | IRCA

Discover how to conduct, report and follow up on an internal audit.

ISO 9001:2015 Lead Auditor

CQI | IRCA

Gain the knowledge and skills to manage internal, third-party, and supplier audits.

View all AS 9100 Courses

AS9100:2016 Rev D Introduction

A short online course that provides a basic overview of AS9100:2016 Rev D.

AS9100:2016 Rev D Foundation

CQI | IRCA

Discover the requirements of AS9100 and a Management System.

AS9100:2016 Rev D Internal Auditor

CQI | IRCA

Understand auditor responsibilities and how to conduct an internal audit.

AS9100:2016 Rev D Lead Auditor

CQI | IRCA

For new or existing auditors who wish to conduct internal, external and supplier audits.
View all ISO 13485 Courses

MD-QMS ISO 13485:2016 Foundation

CQI | IRCA

Achieve an understanding of ISO 13485 and a Management System.

MD-QMS ISO 13485:2016 Internal Auditor

CQI | IRCA

Gain the knowledge and skills to conduct internal audits of a management system.

MD-QMS ISO 13485:2016 Lead Auditor

CQI | IRCA

Learn how to lead audits within an organisation or for third parties and suppliers.

View all ISO 27001 Courses

ISO/IEC 27001:2022 Foundation

CQI | IRCA

Perfect for new auditors wanting to learn about ISO 27001 ISMS.

ISO/IEC 27001:2022 Internal Auditor

CQI | IRCA

Conduct internal audits of an Information Security Management System.

ISO/IEC 27001:2022 Lead Auditor

CQI | IRCA

Learn how to manage internal audits, plus third parties and suppliers.

ISO/IEC 27001:2022 Auditor Conversion

CQI | IRCA

Designed for existing lead auditors who want to audit against ISO 27001 ISMS.

View all ISO 14001 Courses

ISO 14001:2015 Foundation

CQI | IRCA

Gain knowledge of an Environmental Management System.

ISO 14001:2015 Internal Auditor

CQI | IRCA

Learn how to carry out an internal audit against ISO 14001.

ISO 14001:2015 Auditor Conversion

CQI | IRCA

Perfect for existing lead auditors who want to learn ISO 14001 to expand their knowledge.

View all ISO 45001 Courses

ISO 45001:2018 Introduction

Gain a basic understanding of ISO 45001 with this short online course.

ISO 45001:2018 Foundation

CQI | IRCA

Beginners course that teaches the requirements of ISO 45001 OHSAS.

ISO 45001:2018 Auditor Conversion

CQI | IRCA

For current lead auditors who wish to increase their knowledge by learning ISO 45001.

View all IMS Training Courses

Integrated Management System (IMS) Internal Auditor

Learn how to conduct an internal audit of your integrated management system.
View all GDPR Training Courses

GDPR Introduction

An interactive 1hr online course that teaches an overview of the GDPR.

GDPR Team Overview

GDPR training for your team at your workplace.

View all Auditor Workshops

ISO 9001:2015 Management Overview

Understand the new responsibilities placed on managers in ISO 9001:2015.

Supplier Auditor Course

Learn how to conduct audits of new and existing suppliers effectively.

ISO 9001:2015 Risk-Based Thinking

Improve your knowledge and skills for effective risk-based thinking.

Audit Skills Workshop

Bring your team together with a fun and energetic team-building session.

View all Learning Styles

Classroom Training

Virtual Training

Online Training

Public Training

In-House Training

View all Courses

Return

Audit Support

We have a wealth of experience working with ISO management systems and can assist auditors who require support.

ISO Management System Assessment 
A review of an outdated or overcomplicated ISO management system
Audit Mentoring
Live audit observation and recommendations for any improvements
Gap Analysis
Identify potential gaps in the effectiveness of a management system
View all Audit Support

Return

View all Resources

Return

About Us

Show more results...

Generic filters

Alternatively, use our Course Selector to find the perfect course for you:

Find your course