ISO 19011:2026, Guidelines for auditing management systems, has been published with some changes that may affect your internal audit programme.
But…if you are an existing client of Assent you shouldn’t see much difference, because we already meet many of the new requirements.
What has Changed in ISO 19011:2026?
The latest version of the standard has some important updates that support a modern audit approach.
Remote Auditing
The biggest change in ISO 19011:2026 is directly addressing remote auditing, which has become commonplace. The latest version of the standard has a specific Annex A.16 section for remote auditing which addresses the need to consider risks (and opportunities) that remote auditing introduces to the audit programme.
Participation Criteria of Observers
The latest standard Clause 6.4.2 “Assigning the roles and responsibilities of guides and observers” shows a clear separation of guides who facilitate an audit, for example by identifying the correct individuals to participate in the audit, and observers.
While observer criteria is not explicitly defined in the standard, instead requires organisations to define it, there are three main considerations regarding observers:
- Observers may attend only with approval
- They must not influence or interfere with the audit
- The audit team leader can exclude observers if risk arises
New Risks to the Audit Programme
Several new risks to the audit programme are called out including:
- ICT security risks
- Platform reliability for remote audits
- Loss/availability of auditors
- Sponsorship/leadership engagement
Enhanced Planning & Execution Decisions
The planning and execution points of audits have been updated, largely around remote auditing and associated technology. However it also addresses audit infeasibility due to global/local events and managing dynamic changes in audit plans.
New Competence Requirements for Auditors
Auditor competence should include:
- technical skills to use the appropriate technology while auditing;
- knowledge and skills in effectively conducting the audit remotely.
And auditors must now understand:
- Emerging technologies (including A.I)
- Use of ICT tools
- Remote audit facilitation
Key ISO 19011 differences at a glance
| Area | 2018 Version | 2026 Version |
| Remote auditing | Mentioned | Fully integrated + defined |
| Technology | General references | Explicit requirement & competence |
| Definitions | ISO 9000:2015 | ISO 9000:2026 + new terms |
| Audit programme risks | Operational focus | Includes ICT, remote, resource risks |
| Auditor competence | Traditional skills | Digital + remote + data security |
| Annex A | Supportive guidance | Expanded operational guidance |
Steps You Need to Take
As a forward thinking consultancy we had already implemented a lot of the guidance from ISO/IEC TS 17012:2024 “Conformity assessment — Guidelines for the use of remote auditing methods in auditing management systems” which covers remote auditing – the biggest change in ISO 19011:2026.
If you manage your own audit programme you should consider the guidelines set out in ISO 19011:2026 to ensure a robust and conformant audit, or engage Assent Risk Management as your internal auditors!
