4.7 Risk-based approach

The entry 4.7 in ISO 19011:2018 explains that auditors should apply a risk-based approach, focusing audit planning and execution on areas where non-conformities could have the greatest impact on the management system's effectiveness. This method helps allocate resources efficiently and ensures that higher-risk processes receive proportionally more scrutiny.