Quality risk auditing has become killer hot.  ISO developed a new auditing document, ISO 19011: 2011.  ISO says the purpose of the document is to:

ISO 19011:2011 provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams.  ISO 19011:2011 is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme.

The challenge is that guidance standard does not teach auditor how to audit for quality risk and effectiveness.  Risk based auditing is becoming much more critical in the power, cyber security, food, aerospace, pharma, and many other sectors.

Take a look at a ASQ Quality Audit Division talk we gave almost 10 years ago:

https://insights.cermacademy.com/files/2012/11/ASQ-QAD-VAA-presentation.pdf

Or, take a look at the CERM workshop on Value Added Auditing or Risk Based Auditing at:

Risk Assurance™ (Value Added Auditing)

Bio:

Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com)  is the founder of:

CERMAcademy.com
800Compete.com
QualityPlusEngineering.com
WorkingIt.com

He is the evangelist behind Future of Quality: Risk®.  He is currently working on the Future of Work and machine learning projects.

He is a frequent speaker and expert on Supply Chain Risk Management and cyber security.  His current books available on all platform are shown below: