harvik - ems internal auditing

8/8/2019 Harvik - EMS Internal Auditing

1/32

EMS Internal Auditing


2/32

TRAINING OBJECTIVES

To provide sufficientknowledge and tools to be

able to audit an ISO-14001environmental management

system (EMS)


3/32

TYPE OF AUDITS

First-party Audits Internal Audits Conducted by or on behalf of the organization

for management review

Second-party Audits External Audits Conducted by parties having interest in the

organization, such as customers, or by personson their behalf

Third-party Audits External Audits Conducted by external, independent auditing

organizations, such as those providing

registration or certification


4/32

WHAT IS INTERNAL AUDITING? The assessment of processes to verify thatthey are operating within planned

arrangements- are procedures followed?

- are procedures effective for their purpose?

- do they meet the tenets of ISO 14001?

Factual statements of observations backed

by evidence

Evaluation of processes NOT people!


5/32

WHY AUDIT?WHAT IS THE OBJECTIVE?

Conformance of EMS towards audit

criteria

Checking proper implementation &

maintenance of EMS

Identify areas for improvement

Provide Feed back on EMS toManagement


6/32

Auditors collect EVIDENCE & evaluate it for

CONFORMANCEEvidence : Something that proves or demonstrates a truth

Is verifiable (the same evidence can be collected byindependent auditors)

You can hold in your hand (record)

Conformance: Meeting Criteria (Requirements)

EVIDENCE & CONFORMANCE


7/32

EXERCISE 1: WHAT WOULD BE EVIDENCE OFIMPLEMENTATION OF AN ISO 14001 EMS ?

Element Measure of Implementation

4.2 EnvironmentalPolicy

4.3.2 Legal andOther Requirements

4.3.3 Targets,Objectives andPrograms

4.4.2 Competency,Training andAwareness

4.4.3 Communication

4.4.6 OperationalControl

4.4.7 EmergencyPreparedness and

Response


8/32

COLLECTING AUDIT EVIDENCE

Collect sufficient evidence through

interviews, examination of documents and

observation of activities and conditions

Information from interviews should be

verified through observations, independent

sources, records and existing measurements

Audit findings should be reviewed withauditee to establish their factual basis


9/32

EMS AUDIT INDICATORS

Adequacy of documents, procedures, programs,

records

Implementation/integration/consistency

Progress towards objectives and targets for:

- Compliance - Operational controls

- Reductions - Efficiencies

- Financial returns

Commitment by management to:

- Environmental policy - EMS

Awareness and competency of employees

Continual improvement of EMS


10/32

SELECTION OF AUDITORS

Selection of auditors and conduct of

audits shall ensure: Objectivity

Impartiality of the audit process

Auditors shall not audit their own work


11/32

AUDITOR KNOWLEDGE

& SKILLS

ISO 14001 Requirements & Reference Docs

Auditing Techniques and Procedures

The System Being Audited

Applicable Laws, Regulations and Other

Requirements relevant to establishedsystem


12/32

LEAD AUDITOR KNOWLEDGE & SKILLS

Lead auditor require additional generic knowledge and

skill to lead the efficient & effective conduct of the audit.

Plan Audit

Insuring effective use of resources

Organize and direct team members

Guidance to auditors-in-training

Communication Representing team in communications with Client and

Auditee

Preventing and resolving conflicts

Leading auditors to reach conclusions

Audit Report

Prepare , complete, sign (if required)


13/32

AUDITEE

Determine the need for the audit

Contacting the EMR to obtain his/her full

cooperation and initiating the audit processwith necessary facilities

Defining the objectives of the audit and

informing the employees

If appropriate, approving the composition

of the audit team and providingcompetent staff to accompany the team

Continue


14/32

AUDITEE

Providing appropriate authority and

resources to enable the audit to be

conducted. This includes access to the

facilities, personnel, relevant information

and records as requested by the auditors

Consulting with the EMR to determine thescope of the audit

Approving the EMS audit criteria

Approving the audit plan

Receiving the audit report and determining

its distribution


15/32

INITIATING THE AUDIT1. Audit Scope

The extent and boundaries of the audit in terms

of factors such as physical location and

organizational activities as well as the manner of

reporting

The scope of the audit is determined by the

management and EMR

The auditee should normally be consulted when

determining the scope of the audit

The resources committed to the audit should be

sufficient to meet its intended scope


16/32

INITIATING THE AUDIT

2. Preliminary Document Review

At the beginning of the audit process, the EMRshould review the organizations documentation

such as environmental policy statements,

programs, records or manuals for meeting its EMSrequirements.

Use should be made of all appropriate

background information on the auditees


17/32

PREPARING THE AUDIT

1. Audit Plan

The audit plan should include:

Audit objectives and scope

Audit criteria

Area to be audited

Key personnel in EMS

High audit priority concerns

Applicable procedures/manuals

Reference documents

Time duration of major audit activities

Dates and places where the audit is to be conducted

Audit team

Schedule of meetings


18/32

PREPARING THE AUDIT

Audit plan should be communicated to

auditees, and audit-team members. The

auditee should review and confirm the plan

Any objections from auditee must be resolved

(by the EMR)


19/32

PREPARING THE AUDIT

2. Audit Team Assignments

As appropriate, each audit-team member

should be assigned specific EMS elements,

functions, or activities to audit and be

instructed on the audit procedure to

follow. Such assignments should be made

by the EMR, in consultation with the audit-

team members concerned. During theaudit, the EMR may make changes to the

work assignments to ensure optimal

achievement of the audit objectives


20/32

PREPARING THE AUDIT

3. Working Document The working documents required to facilitate the

auditors investigations may include:

Forms for documenting supporting auditevidence and audit findings

Procedures and checklists used for evaluatingEMS elements

Records of meetings

Copies of applicable standards to be followed

Working documents should be maintained at

least until completion of the audit


21/32

SAMPLE OF AUDIT CHECKLIST

4.3.2 Regulatory Requirements

Verify requirements are in place andmanaged

See if legal requirement are in StandardOperating Procedures (related to significant)

Verify training has been conducted Check identifiers are in place and linked

Determine if communicated to employees

Verify accessible and available Verify appropriate links to related documents


22/32

CONDUCTING THE AUDIT

1. Opening MeetingAn opening meeting is required. The purpose is to:

Review the scope, objectives and audit plan and

agree to the audit timetable

Provide a short summary of the methods and

procedures to be used to conduct the audit

Confirm that the resources and facilities needed

by the auditor are available

Confirm the time and date of the closing meeting

Promote the active participation by the auditee Review relevant site safety and emergency

procedures before the site audit


23/32


2. Collecting Audit Evidence

Audit evidence should be collected through

interviews, examination of documents andobservation of activities and conditions.

Indications of nonconformity to the EMS audit

criteria should be recorded

Information gathered through interviews should

be verified by acquiring supporting informationfrom independent sources, such as observations,

records and results of existing measurements.

Appropriate samples should be collected


24/32


3. Audit Findings

The audit-team should review all of their audit evidence

to determine where the EMS does not conform to the

EMS audit criteria.

Nonconformities should be documented in a clear, concise

manner and supported by audit evidence.

Audit findings should be reviewed with the responsible

auditee manager with a view to obtaining

acknowledgement of the factual basis of all findings of

nonconformities

If within the agreed scope, details of audit findings of

conformity may also be documented, but with due care

to avoid any implication of absolute assurance


25/32


4. Closing Meeting

Required before writing the report

Purpose is to present audit findings to the auditee in

such a manner as to obtain their clear understanding

and acknowledgement of the factual basis of the

audit findings

Disagreement should be resolved, if possible before

EMR issues the report

Final decisions on the significance and description of

the audit findings ultimately rest with the EMR,

though the auditee may still disagree with these

findings


26/32

AUDIT REPORTING

1. Preparation of the Audit Report

The audit report is prepared under the directionof the EMR, who is responsible for its accuracy

and completeness

The topics to be addressed in the audit reportshould be those determined in the audit plan


27/32

AUDIT REPORTING

2. Contents Dated and signed by the EMR Should contain findings/summary with reference to supporting

evidences The agreed objectives, scope and plan of the audit The agreed criteria, including a list of reference documents

against which the audit was conducted

Dates and times Identification of the auditees' representatives participating in

the audit

The identification of the audit-team members Distribution list Summary of the audit process including any obstacles

encountered

Audit conclusions on conformance, suitability, and effectiveness


28/32

TRACE FORWARD AUDIT APPROACH

Activity

Aspect

Legal Requirement Significant Aspect

Objective(s) & Target(s)

Management Program

Operational Controls

Performance Indicators

Management Review

Records


29/32

THE AUDIT INTERVIEW

Auditor introductions

Discuss purpose of audit

Discuss procedure Notes taken

Reports will be issued

Corrective actions may be implemented

Opening questions

Tell me about your Job? Policy, Emergency, Training Questions

Leading questions (if needed)

Thank auditee


30/32

AUDITING QUESTIONS DOS AND DONTS

Try Not to ask Yes or No Questions? If you do, follow up the questions by asking

for proof (evidence)

Use Broad, Open Ended Questions, such as Describe to Me ..

Walk me through how you do this How do you . Show me

Keep the Burden of Proof on the auditee (dont

give them the answer)

You may have to lead them if they dont coverthe material

i.e., Do you have any environmental work

instructions?


31/32

DESIRABLE AUDITOR ATTRIBUTES

Knowledge

Of management principles and practices

Of requirements Of techniques

Sound judgment

Patience and interest

Communicates at all levels

Good listener

Honest and courteous

Organized

Professional


32/32

UNDESIRABLE AUDITOR ATTRIBUTES

Argumentative and opinionated

Inflexible and jumps to conclusions

Easy to influence (believes everything)

Lazy, lacks desire, poor planner

Non-communicative

Insincere

Devious exercise

Nonprofessional

harvik - ems internal auditing

Documents