ISO 19011 · AUDIT PROGRAMME · FINDINGS · MAJOR/MINOR NC · OFI

Audit programme, criteria and findings classification in 3 seconds.

ISO 19011 is the reference guide for any internal audit team. IgeraIndustria makes the audit programme, auditor competence, evidence collection techniques and findings classification (major NC, minor NC, opportunity for improvement) instantly queryable. Answers in seconds with exact clause references.

ISO 19011:2018 indexed Major/minor NC/OFI classification <3s response

ISO 19011: the most widely used audit standard and the least leveraged

Virtually all companies certified to ISO 9001, 14001 or 45001 are required to maintain an internal audit programme. Yet most manage it with outdated checklists, auditors without specific training, and findings classified incorrectly. ISO 19011 is there to fix that.

3rd ed.

ISO 19011:2018 is the third edition. It incorporates guidance for remote audits and risk management of the audit programme itself.

Cl. 5

Audit programme: the most neglected element. Many companies audit out of habit, without clear objectives or risk management of the programme itself.

Cl. 7

Auditor competence: the primary cause of misclassified findings or insufficient evidence in internal audits.

Cl. 6.4.7

Findings classification: major NC vs minor NC vs OFI. Confusion between categories creates conflict between auditees and auditors.

The quality manager spends hours searching for whether a finding is a major or minor NC, how to draft the audit report, what competences the audit team must demonstrate, or how to structure the annual programme. IgeraIndustria answers those questions in seconds, with exact reference to the ISO 19011 clause, so the audit team can focus on conducting high-quality audits.

Instant ISO 19011 queries by audit area

IgeraIndustria locates the exact ISO 19011 clause applicable to each question and responds with the requirements, recommended techniques and findings classification criteria defined by the standard.

Complete audit programme (cl. 5)

Ask in natural language — «what must the annual internal audit programme include?» — and IgeraIndustria returns the mandatory elements per ISO 19011 cl. 5: objectives, scope, criteria, methods, resources, frequency and programme risk management.

Individual audit planning (cl. 6.3)

What must be documented in the audit plan: specific objectives, criteria and reference documents, scope (processes, areas, locations), date and duration, audit team roles and interview and activity schedule.

Findings classification major NC/minor NC/OFI (cl. 6.4.7)

Exact criteria for classifying a finding as a Major Nonconformity, Minor Nonconformity or Opportunity for Improvement. What evidence is required to support each category and how to write up the finding in the audit report.

Auditor competence and evaluation (cl. 7)

Attributes, knowledge and skills an internal auditor must demonstrate per ISO 19011. How to assess the competence of the audit team, how to document it, and what criteria to use to select the appropriate auditor for each process.

Evidence collection techniques (cl. 6.6)

Guidance on interviews, direct observation, document review and sampling. When to use each technique, how to document the evidence obtained and what makes evidence valid and sufficient to support a finding.

Audit report and follow-up (cl. 6.7 and 6.8)

Minimum content of the audit report per ISO 19011: programme data, audit team, scope, criteria, classified findings and conclusions. Management of corrective action follow-up and verification of closure.

Full support across the ISO 19011 audit cycle

From planning the annual programme to closing corrective action plans, IgeraIndustria supports the audit team at every stage of the cycle defined by ISO 19011.

Risk-based annual audit programme design

ISO 19011 recommends defining the frequency and scope of each audit based on process risk and importance. IgeraIndustria helps structure the programme using this logic: higher frequency for critical processes or those with a history of previous nonconformities.

Checklists by standard and process

For each planned audit (ISO 9001, 14001, 45001 or sector-specific), IgeraIndustria generates audit questions aligned with the standard criteria and the process being audited, reducing the preparation time for the audit team.

Interview and direct observation guidance

Structured interview techniques for internal audits: how to formulate open questions that generate verifiable evidence, how to document on-site observations and how to cross-reference information from different sources to support a finding.

Assisted findings classification with evidence

After the audit, the audit team can ask IgeraIndustria whether a finding should be classified as a Major NC, Minor NC or OFI, with the exact reference to ISO 19011 cl. 6.4.7 and comparable examples from the same standard or audited process.

Audit report drafting

Report structure per ISO 19011 cl. 6.7: how to write up findings with objective evidence, how to formulate conclusions, what level of detail each section requires and how to communicate results constructively to the auditee.

Action plan follow-up and findings closure

Management of the full follow-up cycle: verifying that corrective actions address the root cause, effectiveness criteria for closing a finding, reasonable timescales based on finding category and required closure documentation.

The 4 key clauses of ISO 19011:2018

These clauses concentrate the bulk of questions from internal audit teams. IgeraIndustria explains them with exact requirements, practical examples and the most common errors in applying the standard.

Cl. 5 — Managing the audit programme

Clause 5 of ISO 19011 establishes how the audit programme must be managed as a whole: establishing programme objectives, identifying and evaluating programme risks (what might prevent audits from being conducted at the intended quality), defining required resources, establishing programme procedures and reviewing and improving the programme based on results. The difference between a reactive audit programme (auditing because it is due) and a risk-managed one (auditing what matters, at the right frequency) is defined in this clause.

Cl. 6.4.7 — Findings classification: major NC, minor NC and OFI

Clause 6.4.7 is the most frequently consulted in internal audits because it defines how findings must be classified. A Major NC is a failure to comply with a requirement that significantly compromises the effectiveness of the system or puts intended results at risk. A Minor NC is an isolated or occasional failure to comply with a requirement that does not invalidate the system as a whole. An Opportunity for Improvement (OFI) identifies a potential improvement without a requirement failure. Classification criteria must be agreed during the audit planning phase and be known to both the audit team and the auditee.

Cl. 7 — Competence and evaluation of auditors

Clause 7 defines the personal attributes and competences an auditor must demonstrate (integrity, open-mindedness, diplomacy, observational ability, perceptiveness, versatility, tenacity, evidence-based decision making) and the specific competences required according to the type of management system being audited. ISO 19011 provides a table of knowledge and skills required for audits of ISO 9001, 14001 and 45001. The competence assessment of the audit team must be documented and kept up to date within the audit programme.

Cl. 6.6 — Information and evidence collection techniques

Clause 6.6 details the methods for collecting objective evidence during the audit: individual or group interviews, questionnaires, direct observation of activities, document and record review, and sampling. ISO 19011:2018 also incorporates specific guidance for audits conducted using communication technology (remote audits). Evidence must be verifiable, sufficient and relevant to support the findings and audit conclusions.

How IgeraIndustria works for ISO 19011

Five steps from setting up the audit programme to receiving an answer with the exact ISO 19011 clause and findings classification criteria.

01

You load your audit programme and management system documentation

Upload your annual audit programme, existing checklists, previous audit reports and findings records. IgeraIndustria processes them together with the full ISO 19011:2018 standard in under 24 hours.

02

You connect the assistant to your audit team

Embed in the quality portal, Teams, Slack or as direct access for the audit team. One line of code. The team can query before, during and after each audit.

03

The internal auditor asks in natural language

«Is this finding a major or minor NC?», «What must the audit plan include per ISO 19011?», «How do I assess auditor competence?», «What techniques should I use to audit the purchasing process?»

04

IgeraIndustria searches across 2 knowledge layers

First in your internal documentation (audit programme, historical reports, previous findings), then in the indexed ISO 19011:2018 standard with all clauses, guidelines and competence tables.

05

Answer with clause, criteria and practical guidance

The response cites the applicable ISO 19011 clause, states the classification criteria, the required evidence and practical guidance for the specific case. If there are precedents in previous reports, it references those too.

IgeraIndustria in action — major vs minor NC classification ISO 19011

Findings classification query resolved in under 3 seconds with exact reference to ISO 19011 cl. 6.4.7 and applicable definitions.

IgeraIndustria — Widget ISO 19011 Audits

Internal Auditor

During our ISO 9001 internal audit we found the calibration procedure was not followed for 2 out of 15 pieces of equipment. Is this a major or minor NC according to ISO 19011?

IgeraIndustria

ISO 19011:2018 — Clause 6.4.7 Findings classification

Classification criteria:

  • Major NC: failure that significantly compromises management system effectiveness
  • Minor NC: isolated or occasional failure that does not invalidate the system as a whole

Applied to your case (2 of 15 items):

  • • If the 2 items affect critical measurement processes: consider Major NC
  • • If non-critical equipment and procedure exists and is followed for the remaining 87%: classify as Minor NC
  • • Required evidence: calibration records for the 2 affected items

ⓘ Classification criteria must be agreed before the audit (ISO 19011 cl. 6.3)

✓ ISO 19011:2018 Clause 6.4.7 · Confidence: 98.9%

300

employees, manufacturing company

-50%

internal audit preparation time

100%

certified internal audit team

We had 6 internal auditors with very mixed training backgrounds and we were constantly arguing about whether a finding was a major NC, minor NC or an observation. Since we started using IgeraIndustria, we all consult the same reference — ISO 19011 cl. 6.4.7 — and our reports are consistent. Preparation time for each audit dropped by 50% and auditees receive clearer, better-supported findings. The overall standard of our audit team has improved noticeably.

Quality and Internal Audit Manager

Manufacturing company — 300 employees — Central Region

*Representative testimonial based on real client results

Frequently asked questions — ISO 19011:2018

What is the difference between ISO 19011 and ISO 17021?

ISO 19011 provides guidelines for auditing management systems in general (internal audits and second and third-party audits), while ISO 17021 applies specifically to accredited certification bodies that conduct third-party audits to issue certificates. In practice, ISO 19011 is the guide companies use to manage their internal audit programme and second-party audits of suppliers. ISO 17021 is the standard that bodies such as AENOR, Bureau Veritas, TUV or SGS must comply with in order to certify their clients. A quality manager preparing an annual internal audit programme works with ISO 19011, not ISO 17021.

What must an annual audit programme include according to ISO 19011?

ISO 19011 clause 5 establishes the minimum elements of the audit programme: programme objectives, scope of each audit (processes, areas, periods), audit criteria (applicable standards and procedures), audit methods (interviews, observation, document review), selection and competence of the audit team, required resources and timescales. The programme must be reviewed and improved based on results achieved. ISO 19011 also requires that the risks of the audit programme itself be managed: what might prevent audits from being carried out with the intended quality. The frequency of each audit must be determined based on the risk and importance of the process or area being audited.

What competences must an internal auditor have according to ISO 19011?

ISO 19011 clause 7 defines the attributes and competences of the auditor: knowledge of audit principles, knowledge of the management system being audited (ISO 9001, ISO 14001, ISO 45001, etc.), knowledge of the organisational context, interviewing and communication skills, analytical and critical thinking ability, integrity and discernment. Internal auditors must be able to demonstrate their competence through specific audit training, experience in the area being audited and sufficient independence to issue objective findings. The standard recommends that selection of the audit team takes these competences into account in a documented manner, and that the organisation maintains an internal auditor development programme.

What evidence collection techniques does ISO 19011 cover?

ISO 19011 clause 6.6 describes information collection techniques: interviews with personnel (at all hierarchical levels), direct observation of activities and processes, review of documents and documented information, and verification of records. The standard also covers sampling techniques when it is not possible to review 100% of records. Audit evidence must be verifiable, objective and sufficient to support findings. ISO 19011:2018 (third edition) additionally incorporates guidance for remote audits conducted using communication technology (video conferencing, online access to document management systems), relevant especially for second-party audits of geographically dispersed suppliers.

How are findings classified in an audit? Major NC, minor NC and OFI.

ISO 19011 clause 6.4.7 addresses the classification of findings. A Major Nonconformity (Major NC) is a failure to comply with a requirement that significantly compromises the effectiveness of the management system or puts at risk the achievement of intended results (for example, the complete absence of a requirement mandated by the standard). A Minor Nonconformity (Minor NC) is an isolated or occasional failure to comply with a requirement that does not invalidate the system as a whole (for example, an incomplete record or a procedure not consistently followed). An Opportunity for Improvement (OFI) is not a failure to comply with a requirement, but a situation that, if addressed, could improve the effectiveness of the system. Findings must be recorded with objective evidence supporting them.

How should a corrective action plan be managed after an internal audit?

After the audit, the audited organisation must review the findings, determine the root causes of nonconformities and define corrective actions with an assigned owner, deadline and effectiveness verification criterion. ISO 19011 indicates that the person responsible for the audit programme must monitor the status of action plans and verify that they have been properly closed. For each Major NC, closure must be formally verified (which may require a follow-up visit). The results of corrective actions and closure of findings must feed into the review of the audit programme and, in ISO 9001/14001/45001 management systems, the management review (clause 9.3). ISO 19011 also recommends retaining documented information for the entire audit cycle.

IgeraIndustria ISO 19011 plans

No commitment. Cancel whenever you like.

Starter

99/month

For internal audit teams who want to prepare audits faster and classify findings with clear criteria based on ISO 19011.

  • ISO 19011:2018 pre-indexed
  • Findings classification major/minor NC/OFI
  • Evidence collection techniques guide
  • 1,000 queries/month
  • Widget for audit team
  • Email support
Start with Starter
MOST POPULAR

Professional

199/month

For companies with an active audit programme, multiple internal auditors and a need for continuous support throughout the full audit cycle.

  • ISO 19011 + indexed audit programme
  • Assistance designing the annual programme
  • Checklists by standard and process
  • 5,000 queries/month
  • Action plan follow-up
  • Priority support
Start with Professional

Enterprise

399/month

For industrial groups with integrated audit programmes for ISO 9001, 14001 and 45001, multiple sites and audit teams.

  • Multi-site and multi-standard
  • ISO 9001 + 14001 + 45001 integrated
  • Audit team competence management
  • Unlimited queries
  • 99.9% uptime SLA
  • Dedicated customer success
Contact sales

Internal audits with ISO 19011. Correctly classified findings from day one.

  • Free 14-day trial — no credit card required
  • ISO 19011:2018 fully pre-indexed from first access
  • Major/minor NC/OFI classification with exact cl. 6.4.7 reference
  • Upload your audit programme and historical reports for additional context
Start free trial